Description: Camaleon CMS v2.7.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability.
Affected Component: All versions below 2.7.4
Steps to reproduce (detection and exploitation):
1. Go to Add Category.
2. Inject the payload "' test <img src="" onerror="alert(1)"> into the name of the category and save it.
3. Go to the post list and create a new post with the category that includes the malicious payload. The script then executes.
4. Go to the link of the post. The script then executes.
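The root cause described in these steps is a stored category name being written into a page without output encoding. The added example below (not Camaleon CMS code and not part of the original report) renders the report's payload through a hypothetical stand-in template with and without HTML escaping, and includes a small audit helper for finding stored names that deserve review. The template, function names and sample category list are assumptions made for illustration.

```ruby
require "erb"

# Constructed sample: the category name from step 2 of the report.
PAYLOAD = %q("' test <img src="" onerror="alert(1)">)

# Hypothetical view fragments that print a category name in an attribute
# value and in element content. Plain ERB performs no escaping by itself.
RAW_TEMPLATE = ERB.new(%q(<li title="<%= name %>"><%= name %></li>))
SAFE_TEMPLATE = ERB.new(
  %q(<li title="<%= ERB::Util.html_escape(name) %>"><%= ERB::Util.html_escape(name) %></li>)
)

# Unsafe rendering: the stored name reaches the page byte for byte,
# so the browser parses the <img> tag and its onerror handler.
def render_raw(name)
  RAW_TEMPLATE.result_with_hash(name: name)
end

# Hardened rendering: & < > " ' are replaced by entities, so the name is
# displayed as text in both the attribute and the element body.
def render_escaped(name)
  SAFE_TEMPLATE.result_with_hash(name: name)
end

# Audit helper: return stored names containing HTML-significant characters.
# Hits are candidates for review, not proof of an attack
# (a name such as "Q&A" would also be flagged).
def suspicious_names(names)
  names.select { |n| n.match?(/[<>"'&]/) }
end

if __FILE__ == $PROGRAM_NAME
  puts "raw:     #{render_raw(PAYLOAD)}"
  puts "escaped: #{render_escaped(PAYLOAD)}"
  stored = ["News", "Releases 2024", PAYLOAD] # constructed category list
  puts "review:  #{suspicious_names(stored).inspect}"
end
```

Escaping at output time protects every page that prints the name, including names saved before the fix; the audit helper only helps locate entries that were already stored.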
poc: