GHSA SYNC: 1 brand new advisory

jasnow · postmodern · commit c105c3f736ca · 2024-10-24T06:19:33.000-07:00
diff --git a/gems/camaleon_cms/CVE-2024-48652.yml b/gems/camaleon_cms/CVE-2024-48652.yml
@@ -0,0 +1,21 @@
+---
+gem: camaleon_cms
+cve: 2024-48652
+ghsa: hhxg-rvc9-8726
+url: https://github.com/paragbagul111/CVE-2024-48652
+title: camaleon_cms affected by cross site scripting
+date: 2024-10-23
+description: |
+  Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows
+  remote attacker to execute arbitrary code via the content group
+  name field.
+cvss_v3: 4.8
+notes: |
+  Never patched
+
+  Unclear if versions 2.8.0 to 2.8.3 patch this vulnerability.
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-48652
+    - https://github.com/paragbagul111/CVE-2024-48652
+    - https://github.com/advisories/GHSA-hhxg-rvc9-8726
