CVE-2023-53936
Persistent XSS in Cameleon CMS 2.7.4 Enables Session Hijacking

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.
Meta Information
Published: 2025-12-18
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-19
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Vendor Product Version / Range
owen2345 cameleon_cms 2.7.4
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2023-53936 is an authenticated persistent cross-site scripting (XSS) vulnerability in Cameleon CMS version 2.7.4. It allows authenticated administrator users to inject malicious JavaScript code into the post title field. This malicious script is stored persistently in the database and executes in the browsers of users who view the affected post. The attack involves embedding SVG scripts with event handlers (e.g., onmouseover) in post titles, which trigger JavaScript execution such as stealing session cookies when users hover over the post title. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers with administrator access to inject malicious scripts into post titles. When other users view these posts and interact with the post titles (e.g., by hovering their mouse), the malicious scripts execute in their browsers. This can lead to session cookie theft, enabling attackers to hijack user sessions, and arbitrary JavaScript execution, potentially compromising user data and security within the CMS environment. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

To detect this vulnerability, you can check for posts with suspicious SVG payloads in the post title field, especially those containing onmouseover event handlers. One approach is to query the database for post titles containing '<svg' or 'onmouseover'. For example, if you have database access, you can run a SQL query like: SELECT id, title FROM posts WHERE title LIKE '%<svg%' OR title LIKE '%onmouseover%'; Additionally, monitoring HTTP POST requests to the endpoint /admin/post_type/2/posts with parameters including post[title] containing suspicious scripts can help detect exploitation attempts. Manual verification can be done by logging into the admin panel (/admin/login), navigating to the Post tab, and reviewing post titles for embedded scripts. Since the vulnerability requires authenticated access, network detection might involve inspecting admin panel traffic for malicious payloads. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting administrator access to trusted users only, as exploitation requires authenticated admin privileges. Review and sanitize all post titles to remove any embedded scripts or SVG elements, especially those with event handlers like onmouseover. Apply input validation and output encoding to prevent script injection in post titles. If a patch or updated version of Cameleon CMS addressing this vulnerability is available, upgrade to that version promptly. Additionally, monitor and audit admin activities for suspicious post creations. As a temporary measure, consider disabling or restricting the post creation feature for administrators until a fix is applied. [1, 2]
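The two answers above describe detection (scanning stored titles and the post[title] parameter of create requests) and mitigation (output encoding of titles). The following Ruby script is an added example illustrating both; it is not code from Cameleon CMS. The sample rows, the SUSPICIOUS_TITLE heuristic and the function names are assumptions made for the example; the id/title columns follow the SQL query in the detection answer.

```ruby
require 'erb'

# Constructed sample rows standing in for the CMS posts table (id, title),
# matching the columns used by the SQL query in the detection answer above.
SAMPLE_POSTS = [
  { id: 1, title: 'Welcome to the blog' },
  { id: 2, title: 'Quarterly report <b>draft</b>' },
  { id: 3, title: '<svg onmouseover="alert(1)">Hover me</svg>' },
  { id: 4, title: 'New svg icons and onboarding guide' }
].freeze

# Markup patterns that have no business in a post title: script-capable
# elements, any on*= event-handler attribute, and javascript: URLs.
# (Hypothetical heuristic; tune the tag list to what your site allows.)
SUSPICIOUS_TITLE = /<\s*(svg|script|iframe|object|embed)\b|\bon[a-z]+\s*=|javascript\s*:/i

# Detection on stored data: return the ids of posts whose title matches.
# Same idea as the LIKE '%<svg%' / '%onmouseover%' query in the answer,
# but it also catches other handler attributes and script-capable tags.
def flag_suspicious_titles(posts)
  posts.select { |p| SUSPICIOUS_TITLE.match?(p[:title].to_s) }.map { |p| p[:id] }
end

# Detection on traffic: inspect the parsed form body of a POST to the
# post-creation endpoint, looking at post[title] as named in the answer.
def suspicious_post_request?(params)
  title = params.dig('post', 'title')
  !title.nil? && SUSPICIOUS_TITLE.match?(title)
end

# Mitigation on output: entity-encode the title before it is placed in HTML,
# so stored markup renders as text. ERB::Util.html_escape is Ruby stdlib;
# Rails' <%= %> applies the same escaping.
def safe_title(title)
  ERB::Util.html_escape(title.to_s)
end

if __FILE__ == $PROGRAM_NAME
  puts "Flagged post ids: #{flag_suspicious_titles(SAMPLE_POSTS).inspect}"
  req = { 'post' => { 'title' => SAMPLE_POSTS[2][:title] } }
  puts "Suspicious create request: #{suspicious_post_request?(req)}"
  puts "Rendered safely: #{safe_title(SAMPLE_POSTS[2][:title])}"
end
```

Post 4 is included to show that plain words such as "svg" or "onboarding" are not flagged; the heuristic requires an opening tag or an attribute assignment. Flagging is a review aid, not a filter: the durable fix is the output encoding shown in safe_title, applied wherever the title is rendered.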

