Vulnerabilities (CVE)

Filtered by vendor Dotnetfoundation Subscribe
Filtered by product Piranha Cms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25977 1 Dotnetfoundation 1 Piranha Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CVE-2021-25976 1 Dotnetfoundation 1 Piranha Cms 2024-11-21 4.0 MEDIUM 8.1 HIGH
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.