CVE-2021-25969: Camaleon CMS Stored Cross-site Scripting vulnerability
6.1
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.82163%
CWE
Published
5/24/2022
Updated
1/26/2023
KEV Status
No
Technology
Ruby
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
camaleon_cms | rubygems | >= 0.0.1, < 2.6.0.1 | 2.6.0.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from unsanitized rendering of user-controlled comment content. The patch diff shows:
- Removal of 'raw' keyword in ERB templates (which bypasses HTML escaping)
- Addition of 'sanitize' helper in comment_helper.rb
- Multiple template files previously used <%= raw comment.content %> which directly renders user input as HTML. This pattern matches classic stored XSS vulnerability patterns where untrusted user input is rendered without proper escaping/sanitization.