Search for packages
| purl | pkg:gem/camaleon_cms@0.0.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-698a-rmdd-vqhs
Aliases: CVE-2025-2304 GHSA-rp28-mvq3-wf8j |
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering. |
Affected by 1 other vulnerability. |
|
VCID-b2rx-y3hz-63dx
Aliases: CVE-2021-25969 GHSA-x78v-4fvj-rg9j |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T18:15:24.703670+00:00 | Ruby Importer | Affected by | VCID-698a-rmdd-vqhs | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2025-2304.yml | 38.6.0 |
| 2026-06-04T16:14:41.436875+00:00 | Ruby Importer | Affected by | VCID-b2rx-y3hz-63dx | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25969.yml | 38.6.0 |
| 2026-06-02T04:40:15.859128+00:00 | GitLab Importer | Affected by | VCID-b2rx-y3hz-63dx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25969.yml | 38.6.0 |