cvebase

Piranhacms Piranha vulnerabilities

8 known vulnerabilities affecting piranhacms/piranha.

Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5, LOW 2

Vulnerabilities

CVE-2025-57692 | P3 | MEDIUM | PoC | ≥ 0, ≤ 12.0 | 2025-09-26
CWE-79: PiranhaCMS stored XSS
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user's browser.
Sources: GHSA, OSV

CVE-2021-25976 | P4 | HIGH | CVSS 8.1 | ≥ 4.0.0-alpha1, < unspecified; ≥ unspecified, ≤ 9.2.0 | 2021-11-16
CWE-352
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.
Sources: GHSA, NVD, OSV

CVE-2021-25977 | P4 | MEDIUM | CVSS 5.4 | ≥ 7.0.0, < unspecified; ≥ unspecified, ≤ 9.1.1 | 2021-10-25
CWE-79
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
Sources: GHSA, NVD, OSV

CVE-2025-61413 | P4 | MEDIUM | ≥ 0, ≤ 12.0.0 | 2025-10-23
CWE-79: Piranha CMS vulnerable to stored cross-site scripting (XSS)
A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.
Sources: GHSA, OSV

CVE-2025-67290 | P4 | LOW | ≥ 0, ≤ 12.0.0 | 2025-12-22
CWE-79: Piranha has stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
Sources: GHSA, OSV

CVE-2025-67291 | P4 | LOW | ≥ 0, ≤ 12.0.0 | 2025-12-22
CWE-79: Piranha has stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
Sources: GHSA, OSV

CVE-2024-55342 | P4 | MEDIUM | ≥ 0, ≤ 11.1.0 | 2024-12-20
CWE-79: Piranha CMS Cross-site Scripting vulnerability
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS vulnerability.
Sources: GHSA, OSV

CVE-2024-55341 | P4 | MEDIUM | ≥ 0, ≤ 11.1.0 | 2024-12-20
CWE-79: Piranha CMS Cross-site Scripting vulnerability
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via /manager/pages and then adding Markdown content with the XSS payload.
Sources: GHSA, OSV