EPSS
Percentile
26.5%
camaleon_cms is vulnerable to cross-site scripting. Files uploaded via the media uploader are not validated. This allows a remote attacker to inject arbitrary Javascript into a victim’s browser via the filename parameter.
media uploader
filename
packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html
packetstormsecurity.com/files/149772/CVE-2018-18260.txt