CVE-2023-53936
Unknown Unknown - Not Provided
Persistent XSS in Cameleon CMS 2.7.4 Enables Session Hijacking

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53936
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
owen2345 cameleon_cms 2.7.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53936 is an authenticated persistent cross-site scripting (XSS) vulnerability in Cameleon CMS version 2.7.4. It allows authenticated administrator users to inject malicious JavaScript code into the post title field. This malicious script is stored persistently in the database and executes in the browsers of users who view the affected post. The attack involves embedding SVG scripts with event handlers (e.g., onmouseover) in post titles, which trigger JavaScript execution such as stealing session cookies when users hover over the post title. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing attackers with administrator access to inject malicious scripts into post titles. When other users view these posts and interact with the post titles (e.g., by hovering their mouse), the malicious scripts execute in their browsers. This can lead to session cookie theft, enabling attackers to hijack user sessions, and arbitrary JavaScript execution, potentially compromising user data and security within the CMS environment. [1, 2]

Detection Guidance

To detect this vulnerability, you can check for posts with suspicious SVG payloads in the post title field, especially those containing onmouseover event handlers. One approach is to query the database for post titles containing '<svg' or 'onmouseover'. For example, if you have database access, you can run a SQL query like: SELECT id, title FROM posts WHERE title LIKE '%<svg%' OR title LIKE '%onmouseover%'; Additionally, monitoring HTTP POST requests to the endpoint /admin/post_type/2/posts with parameters including post[title] containing suspicious scripts can help detect exploitation attempts. Manual verification can be done by logging into the admin panel (/admin/login), navigating to the Post tab, and reviewing post titles for embedded scripts. Since the vulnerability requires authenticated access, network detection might involve inspecting admin panel traffic for malicious payloads. [1]

Mitigation Strategies

Immediate mitigation steps include restricting administrator access to trusted users only, as exploitation requires authenticated admin privileges. Review and sanitize all post titles to remove any embedded scripts or SVG elements, especially those with event handlers like onmouseover. Apply input validation and output encoding to prevent script injection in post titles. If a patch or updated version of Cameleon CMS addressing this vulnerability is available, upgrade to that version promptly. Additionally, monitor and audit admin activities for suspicious post creations. As a temporary measure, consider disabling or restricting the post creation feature for administrators until a fix is applied. [1, 2]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53936. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart