Vulnerabilities > Tuzitio

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-10-22 | CVE-2024-48652 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5 | A cross-site scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field. | network | low | tuzitio | CWE-79 | 4.8 |
| 2024-09-18 | CVE-2024-46986 | Path Traversal vulnerability in Tuzitio Camaleon CMS | Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. | network | low | tuzitio | CWE-22 | 9.9 (critical) |
| 2024-09-18 | CVE-2024-46987 | Path Traversal vulnerability in Tuzitio Camaleon CMS | Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. | network | low | tuzitio | CWE-22 | 7.7 |
| 2023-05-26 | CVE-2023-30145 | Code Injection vulnerability in Tuzitio Camaleon CMS | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | network | low | tuzitio | CWE-94 | 9.8 (critical) |
| 2021-10-20 | CVE-2021-25969 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS | In the Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. | network | low | tuzitio | CWE-79 | 6.1 |
| 2021-10-20 | CVE-2021-25970 | Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS | Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate a user’s active session, even after the admin changes the user’s password. | network | low | tuzitio | CWE-613 | 8.8 |
| 2021-10-20 | CVE-2021-25971 | Improper Handling of Exceptional Conditions vulnerability in Tuzitio Camaleon CMS | In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. | network | low | tuzitio | CWE-755 | 4.3 |
| 2021-10-20 | CVE-2021-25972 | Server-Side Request Forgery (SSRF) vulnerability in Tuzitio Camaleon CMS | In Camaleon CMS, versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or other internal servers. | network | low | tuzitio | CWE-918 | 4.9 |
| 2018-10-15 | CVE-2018-18260 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.4.0 | In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. | network | low | tuzitio | CWE-79 | 6.1 |