Filtered by vendor Dotnetfoundation
Subscriptions
Filtered by product Piranha Cms
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2021-11-17 | 8.1 High |
| In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | ||||
| CVE-2021-25977 | 1 Dotnetfoundation | 1 Piranha Cms | 2021-10-26 | 5.4 Medium |
| In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution. | ||||
Page 1 of 1.