Skip to main content

Camaleon Cms

11 CVEs product

Monthly

CVE-2026-10715 MEDIUM This Month

Improper authorization in Camaleon CMS 2.9.2 allows any low-privileged authenticated user to overwrite draft content belonging to other users by supplying an arbitrary post_id to the administrator draft autosave endpoint. The application authenticates the requesting user but performs no ownership check, meaning a contributor or editor can silently corrupt unpublished drafts they do not own. No public exploit code has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.

Authentication Bypass Camaleon Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-1776 Ruby MEDIUM This Month

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.

Path Traversal Camaleon Cms
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-48652 Ruby MEDIUM POC This Month

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Camaleon Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2024-46987 Ruby HIGH POC PATCH THREAT This Week

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Camaleon Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.7
EPSS
14.6%
CVE-2024-46986 Ruby CRITICAL POC PATCH THREAT Act Now

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Camaleon Cms
NVD GitHub
CVSS 3.1
9.9
EPSS
35.5%
CVE-2023-30145 Ruby CRITICAL POC PATCH THREAT Act Now

Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Camaleon Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
45.9%
CVE-2021-25972 Ruby MEDIUM PATCH This Month

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SSRF Camaleon Cms
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-25971 Ruby MEDIUM PATCH This Month

In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Camaleon Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-25970 Ruby HIGH PATCH This Week

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Camaleon Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-25969 Ruby MEDIUM PATCH This Month

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Camaleon Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-18260 Ruby MEDIUM This Month

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Camaleon Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper authorization in Camaleon CMS 2.9.2 allows any low-privileged authenticated user to overwrite draft content belonging to other users by supplying an arbitrary post_id to the administrator draft autosave endpoint. The application authenticates the requesting user but performs no ownership check, meaning a contributor or editor can silently corrupt unpublished drafts they do not own. No public exploit code has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.

Authentication Bypass Camaleon Cms
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.

Path Traversal Camaleon Cms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Camaleon Cms
NVD GitHub
EPSS 15% CVSS 7.7
HIGH POC PATCH THREAT This Week

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Camaleon Cms
NVD GitHub Exploit-DB
EPSS 35% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Camaleon Cms
NVD GitHub
EPSS 46% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Camaleon Cms
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SSRF Camaleon Cms
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Camaleon Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Camaleon Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Camaleon Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Camaleon Cms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy