{"vulnerability": "cve-2021-25969", "sightings": [{"uuid": "9f4a898b-2f2a-414d-a291-4c91b6f333e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-25969", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14081", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-25969\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim\u2019s browser when they open the page containing the malicious comment.\n\ud83d\udccf Published: 2021-10-20T11:55:14.000Z\n\ud83d\udccf Modified: 2025-04-30T15:57:20.923Z\n\ud83d\udd17 References:\n1. https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c\n2. https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969", "creation_timestamp": "2025-04-30T16:14:14.000000Z"}, {"uuid": "02170e00-78d2-4fea-a05d-1eb3a7588770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-25969", "type": "seen", "source": "https://t.me/cibsecurity/30893", "content": "\u203c CVE-2021-25969 \u203c\n\nIn \u00e2\u20ac\u0153Camaleon CMS\u00e2\u20ac\ufffd application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim\u00e2\u20ac\u2122s browser when they open the page containing the malicious comment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-20T16:35:17.000000Z"}]}