From a8099ad24924834a292353e8d9726c8a2d701367 Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 24 Oct 2024 08:33:56 -0400
Subject: [PATCH] GHSA SYNC: 1 brand new advisory
---
gems/camaleon_cms/CVE-2024-48652.yml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 gems/camaleon_cms/CVE-2024-48652.yml
diff --git a/gems/camaleon_cms/CVE-2024-48652.yml b/gems/camaleon_cms/CVE-2024-48652.yml
new file mode 100644
index 0000000000..6f45d87868
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2024-48652.yml
@@ -0,0 +1,21 @@
+---
+gem: camaleon_cms
+cve: 2024-48652
+ghsa: hhxg-rvc9-8726
+url: https://github.com/paragbagul111/CVE-2024-48652
+title: camaleon_cms affected by cross site scripting
+date: 2024-10-23
+description: |
+ Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows
+ remote attacker to execute arbitrary code via the content group
+ name field.
+cvss_v3: 4.8
+notes: |
+ Never patched
+
+ Unclear if versions 2.8.0 to 2.8.3 patch this vulnerability.
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-48652
+ - https://github.com/paragbagul111/CVE-2024-48652
+ - https://github.com/advisories/GHSA-hhxg-rvc9-8726
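Review bot: The `notes` block contradicts itself: it says `Never patched` and then `Unclear if versions 2.8.0 to 2.8.3 patch this vulnerability`. The entry also has no `patched_versions` or `unaffected_versions` key, so the affected range exists only in free text, and audit tooling that reads this file will presumably flag every release, including 2.8.x. I would reduce the note to one hedged statement such as `No fixed release confirmed; 2.8.0 to 2.8.3 not verified.` and add `patched_versions` once a fix is confirmed. The description's `execute arbitrary code` can also be misread as server-side code execution. The title and the 4.8 score suggest script running in a victim's browser, so a short clarification in `notes` would help triage.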