Updated advisory posts against rubysec/ruby-advisory-db@c105c3f

jasnow · RubySec CI · commit 9ef1686b6fa3 · 2024-10-24T13:20:19.000Z
diff --git a/advisories/_posts/2024-10-23-CVE-2024-48652.md b/advisories/_posts/2024-10-23-CVE-2024-48652.md
@@ -0,0 +1,28 @@
+---
+layout: advisory
+title: 'CVE-2024-48652 (camaleon_cms): camaleon_cms affected by cross site scripting'
+comments: false
+categories:
+- camaleon_cms
+advisory:
+  gem: camaleon_cms
+  cve: 2024-48652
+  ghsa: hhxg-rvc9-8726
+  url: https://github.com/paragbagul111/CVE-2024-48652
+  title: camaleon_cms affected by cross site scripting
+  date: 2024-10-23
+  description: |
+    Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows
+    remote attacker to execute arbitrary code via the content group
+    name field.
+  cvss_v3: 4.8
+  notes: |
+    Never patched
+
+    Unclear if versions 2.8.0 to 2.8.3 patch this vulnerability.
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-48652
+    - https://github.com/paragbagul111/CVE-2024-48652
+    - https://github.com/advisories/GHSA-hhxg-rvc9-8726
+---
