Unknown · Camaleon Cms · CVE-2023-53936
**Name of the Vulnerable Software and Affected Versions**
Cameleon CMS version 2.7.4
**Description**
The application contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious scripts into post titles. An attacker can create posts with embedded SVG scripts that execute when other users mouse over the post title. This could lead to session cookie theft and arbitrary JavaScript execution.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.