CVE-2018-18260: Cross-site Scripting

October 15, 2018 (updated November 30, 2018)

A Stored XSS has been discovered in cameleon The profile image in the User settings section can be run in the update/upload area via /admin/media/upload?actions=false.

References

packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html
nvd.nist.gov/vuln/detail/CVE-2018-18260

Code Behaviors & Features

Detect and mitigate CVE-2018-18260 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →