CVE-2021-25969: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

October 20, 2021 (updated November 29, 2021)

In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

References

nvd.nist.gov/vuln/detail/CVE-2021-25969

Code Behaviors & Features

Detect and mitigate CVE-2021-25969 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →