pkg:RubyGems/camaleon_cms

All known vulnerabilities

• CRITICAL9.8CVE-2023-30145Server-Side Template Injection in Camaleon CMS
  from 0, < 2.7.4
• HIGH8.8CVE-2024-46986Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
  >= 2.8.0, < 2.8.1
• HIGH8.8CVE-2021-25970Camaleon CMS Insufficient Session Expiration vulnerability
  >= 0.1.7, < 2.6.0.1
• MEDIUM6.5CVE-2026-1776Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
  >= 2.4.5.0, <= 2.9.1
• MEDIUM6.5CVE-2024-46987Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
  from 0, < 2.8.1
• MEDIUM6.1CVE-2021-25969Camaleon CMS Stored Cross-site Scripting vulnerability
  >= 0.0.1, < 2.6.0.1
• MEDIUM6.1CVE-2018-18260Camaleon CMS vulnerable to Stored Cross-site Scripting
• MEDIUM4.9CVE-2021-25972Camaleon CMS vulnerable to Server-Side Request Forgery
  >= 2.1.2.0, < 2.6.0.1
• MEDIUM4.8CVE-2024-48652camaleon_cms affected by cross site scripting
  from 0, <= 2.7.5
• MEDIUM4.3CVE-2021-25971Camaleon CMS vulnerable to Uncaught Exception
  >= 2.0.1, < 2.6.0.1
• —CVE-2025-2304Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
  from 0, < 2.9.1