Vulnerabilities > Tuzitio

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-30145 Code Injection vulnerability in Tuzitio Camaleon CMS
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
network
low complexity
tuzitio CWE-94
critical
 9.8
9.8
2021-10-20 CVE-2021-25969 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post.
network
tuzitio CWE-79
4.3
4.3
2021-10-20 CVE-2021-25970 Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password.
network
tuzitio CWE-613
6.8
6.8
2021-10-20 CVE-2021-25971 Improper Handling of Exceptional Conditions vulnerability in Tuzitio Camaleon CMS
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception.
network
low complexity
tuzitio CWE-755
4.3
4.3
2021-10-20 CVE-2021-25972 Server-Side Request Forgery (SSRF) vulnerability in Tuzitio Camaleon CMS
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers.
network
low complexity
tuzitio CWE-918
4.0
4.0
2018-10-15 CVE-2018-18260 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.4.0
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered.
network
low complexity
tuzitio CWE-79
6.1
6.1