5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-8fx8-3rg2-79xw

EPSS Score

CWE

CWE-79

Published

9/23/2024

Updated

9/23/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-8fx8-3rg2-79xw

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to documents or a string of an unsupported format. If an authenticated user or administrator visits that uploaded image or document malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS.)

Impact

This issue may lead to account takeover due to reflected Cross-site scripting (XSS).

Remediation

Only allow the upload of safe files such as PNG, TXT and others or serve all "unsafe" files such as SVG and other files with a content-disposition: attachment header, which should prevent browsers from displaying them.

Additionally, a Content security policy (CSP) can be created that disallows inlined script. (Other parts of the application might need modification to continue functioning.)

To prevent the theft of the auth_token it could be marked with HttpOnly. This would however not prevent that actions could be performed as the authenticated user/administrator. Furthermore, it could make sense to use the authentication provided by Ruby on Rails, so that stolen tokens cannot be used anymore after some time.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-8fx8-3rg2-79xw

GHSA-8fx8-3rg2-79xw:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-8fx8-3rg2-79xw

EPSS Score

CWE

CWE-79

Published

9/23/2024

Updated

9/23/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
camaleon_cms	rubygems	< 2.8.1	2.8.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two code patterns in camaleon_cms_uploader.rb: 1) Lines 105-106 show format-based extension whitelisting, where 'documents' format permits HTML uploads. 2) Lines 110-111 handle unsupported formats by falling back to default extensions, which can be exploited by injecting arbitrary formats. These functions lack proper validation of user-controlled 'format' parameters and fail to enforce content-disposition headers for unsafe file types, enabling XSS via malicious file uploads. The direct code references in the advisory and the described attack vector (parameter manipulation) confirm these functions' roles in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

Impact

Remediation

GHSA-8fx8-3rg2-79xw:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

Impact

Remediation

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

5.4

5.4

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI