CVE-2021-25969 MEDIUM

CVE-2021-25969: Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments

Vendor Camaleon_Cms
Product camaleon_cms
Weakness CWE-79 · XSS
Published October 20, 2021
Last update April 30, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

Key dates

02Disclosure timeline

October 20, 2021 CVE published
April 30, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-0018 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) CVE-2022-38200 BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server. CVE-2025-47931 LibreNMS stored Cross-site Scripting vulnerability in poller group name CVE-2021-42119 Stored XSS in Search Function in TopEase CVE-2025-2255 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab