Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25977 | 1 Dotnetfoundation | 1 Piranha Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution. | |||||
CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. |