VulnerableCode Package Details - pkg:gem/camaleon

Search for packages

Vulnerability	Summary	Fixed by
VCID-6xw2-ykvp-4qaw Aliases: CVE-2021-25970	Insufficient Session Expiration Camaleon CMS to doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.	2.6.0.1 Affected by 0 other vulnerabilities.
VCID-9jsa-k6th-dubb Aliases: CVE-2021-25972	In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.	2.6.0.1 Affected by 0 other vulnerabilities.
VCID-b2rx-y3hz-63dx Aliases: CVE-2021-25969	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.	2.6.0.1 Affected by 0 other vulnerabilities.
VCID-jwkf-ess3-9kgr Aliases: CVE-2021-25971	Unchecked Error Condition Camaleon CMS is vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted `.svg` file	2.6.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6xw2-ykvp-4qaw
Aliases:
CVE-2021-25970

Insufficient Session Expiration Camaleon CMS to doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.

2.6.0.1
Affected by 0 other vulnerabilities.

VCID-9jsa-k6th-dubb
Aliases:
CVE-2021-25972

In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

2.6.0.1
Affected by 0 other vulnerabilities.

VCID-b2rx-y3hz-63dx
Aliases:
CVE-2021-25969

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

2.6.0.1
Affected by 0 other vulnerabilities.

VCID-jwkf-ess3-9kgr
Aliases:
CVE-2021-25971

Unchecked Error Condition Camaleon CMS is vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted `.svg` file

2.6.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:40:16.024978+00:00	GitLab Importer	Affected by	VCID-6xw2-ykvp-4qaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25970.yml	38.6.0
2026-06-02T04:40:15.982730+00:00	GitLab Importer	Affected by	VCID-jwkf-ess3-9kgr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25971.yml	38.6.0
2026-06-02T04:40:15.863183+00:00	GitLab Importer	Affected by	VCID-b2rx-y3hz-63dx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25969.yml	38.6.0
2026-06-02T04:40:15.818301+00:00	GitLab Importer	Affected by	VCID-9jsa-k6th-dubb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2021-25972.yml	38.6.0