Vulnerabilities > Tuzitio > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-48652 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.7.5
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.
network
low complexity
tuzitio CWE-79
4.8
4.8
2021-10-20 CVE-2021-25969 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post.
network
low complexity
tuzitio CWE-79
6.1
6.1
2021-10-20 CVE-2021-25971 Improper Handling of Exceptional Conditions vulnerability in Tuzitio Camaleon CMS
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception.
network
low complexity
tuzitio CWE-755
4.3
4.3
2021-10-20 CVE-2021-25972 Server-Side Request Forgery (SSRF) vulnerability in Tuzitio Camaleon CMS
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers.
network
low complexity
tuzitio CWE-918
4.9
4.9
2018-10-15 CVE-2018-18260 Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.4.0
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered.
network
low complexity
tuzitio CWE-79
6.1
6.1