VOOZH about

URL: https://github.com/advisories/GHSA-mmx8-vrfg-hfmq

⇱ Piranha CMS Cross-site Scripting vulnerability · CVE-2024-55341 · GitHub Advisory Database · GitHub

Skip to content

Piranha CMS Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published to the GitHub Advisory Database • Updated

Package

Piranha (NuGet)

Affected versions

<= 11.1.0

Patched versions

None

Description

A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.

References

Published to the GitHub Advisory Database
Reviewed
Last updated

Severity

Moderate
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

EPSS score

(35th percentile)

Weaknesses

CVE ID

CVE-2024-55341

GHSA ID

GHSA-mmx8-vrfg-hfmq
See something to contribute? Suggest improvements for this vulnerability.
You can’t perform that action at this time.