CVE-2023-53936

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53936

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53936.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53936

Published

2025-12-18T20:15:51.843Z

Modified

2026-03-11T22:29:43.978724Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.

References

Affected packages

Git / github.com/owen2345/camaleon-cms

Affected ranges

Type

GIT

Repo

https://github.com/owen2345/camaleon-cms

Events

Introduced

Last affected

b83efee10874460f367843b442cb5fae28b39c95

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.4"
        }
    ]
}

Affected versions

0.*

0.1.7

0.2.0

2.*

2.1.1

2.1.2

2.1.2.0

2.1.2.1

2.2.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.4.0

2.4.1

2.4.2

2.4.3

2.4.3.10

2.4.3.11

2.4.3.12

2.4.3.7

2.4.4

2.4.4.2

2.4.4.3

2.4.4.5

2.4.4.6

2.4.5

2.4.5.1

2.4.5.10

2.4.5.11

2.4.5.12

2.4.5.13

2.4.5.14

2.4.5.7

2.4.6.0

2.4.6.1

2.4.6.7

2.5.1

2.5.3

2.5.3.1

2.6.0

2.6.0.1

2.6.1

2.6.2

2.6.4

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

camaleon_cms-2.*

camaleon_cms-2.4.5.11.gem

v2.*

v2.0.0

v2.1.1.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53936.json"