CVE-2023-53936

Name of the Vulnerable Software and Affected Versions Cameleon CMS version 2.7.4

Description The application contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious scripts into post titles. An attacker can create posts with embedded SVG scripts that execute when other users mouse over the post title. This could lead to session cookie theft and arbitrary JavaScript execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.