Vulnerabilities > Tuzitio > Camaleon CMS > 0.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-26 | CVE-2023-30145 | Code Injection vulnerability in Tuzitio Camaleon CMS Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | 9.8 |
| 2021-10-20 | CVE-2021-25969 | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. | 4.3 |
| 2021-10-20 | CVE-2021-25970 | Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. | 6.8 |