CVE-2021-25977
Published 2021-10-25
Priority P4 · 26 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.63% (45.6th percentile)
PiranhaCMS versions 7.0.0 to 9.1.1 are vulnerable to stored XSS because the page title is improperly sanitized. By creating a page with a specially crafted page title, a low-privileged user can trigger arbitrary JavaScript execution.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dotnetfoundation | piranha_cms | 7.0.0 – 9.1.1 | — |
| piranhacms | piranha | >= 7.0.0 < unspecified | unspecified |
| piranhacms | piranha | >= 7.0.0 < 9.2.0 | 9.2.0 |
| piranhacms | piranha | unspecified – 9.1.1 | — |
CVSS provenance
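| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |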
OSV
Cross-site Scripting in PiranhaCMS
osv·2021-10-27
CVE-2021-25977 [MEDIUM] Cross-site Scripting in PiranhaCMS
GHSA
Cross-site Scripting in PiranhaCMS
ghsa·2021-10-27
CVE-2021-25977 [MEDIUM] CWE-79 Cross-site Scripting in PiranhaCMS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977