The vulnerability manifests in the handling of the content group name field. In Rails applications, XSS typically originates at one of two points: input sanitization (controller/model level) or output escaping (view level). The reproduction steps indicate stored XSS, which requires both (1) insufficient input validation when the name field is saved (controller/model) and (2) unsafe rendering in views. While the exact code isn't available, the admin content group editing flow would logically involve these components. The high confidence in view rendering stems from Rails' default unsafe output behavior when using `<%= %>` without escaping.
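
The two layers described above, shown as an added example that is not camaleon_cms code (the exact code isn't available). Ruby's standard-library ERB, which inserts `<%= %>` values verbatim, stands in for the view; the `ContentGroup` class, its `NAME_FORMAT` allow-list and the sample names are constructed for illustration.

```ruby
require "erb"

# Constructed samples: content group names as an admin form might submit them.
HOSTILE_NAME = %q{Editors<script>alert(1)</script>}
PLAIN_NAME   = "Editors & Reviewers"

# Hypothetical stand-in for the model layer. Without validate: true it stores
# whatever it is given, which is the "insufficient input validation" half.
class ContentGroup
  # Assumed allow-list: letters, digits, space and a few punctuation marks.
  NAME_FORMAT = /\A[\p{L}\p{N} _&.\-]{1,64}\z/

  attr_reader :name

  def initialize(name, validate: false)
    if validate && !NAME_FORMAT.match?(name)
      raise ArgumentError, "name contains characters that are not allowed"
    end
    @name = name
  end
end

# View layer, unsafe form: the stored value reaches the page verbatim.
UNSAFE_VIEW = ERB.new("<h1><%= group.name %></h1>")
# View layer, hardened form: the value is HTML-escaped at output time.
SAFE_VIEW = ERB.new("<h1><%= ERB::Util.html_escape(group.name) %></h1>")

def render_view(view, group)
  view.result_with_hash(group: group)
end

# Model-level check: true when the name passes the allow-list.
def accepted?(name)
  ContentGroup.new(name, validate: true)
  true
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  stored = ContentGroup.new(HOSTILE_NAME)          # saved without validation
  puts "unsafe view: #{render_view(UNSAFE_VIEW, stored)}"
  puts "safe view:   #{render_view(SAFE_VIEW, stored)}"
  puts "validation accepts hostile name? #{accepted?(HOSTILE_NAME)}"
  puts "validation accepts plain name?   #{accepted?(PLAIN_NAME)}"
end
```

Escaping at output is the control that holds even for names stored before validation was added; the allow-list only limits what can be saved from then on.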

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| camaleon_cms | rubygems | <= 2.7.5 | |