Filtered by vendor Dotnetfoundation
Subscriptions
Filtered by product Piranha Cms
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55342 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-18 | 4.7 Medium |
| A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability. | ||||
| CVE-2021-25977 | 1 Dotnetfoundation | 1 Piranha Cms | 2024-11-21 | 5.4 Medium |
| In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution. | ||||
| CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2024-11-21 | 8.1 High |
| In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | ||||
Page 1 of 1.