Piranha
NuGet
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting Piranha
- CVE-2021-25976 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 10.0-alpha1 | 2021-11-16
vulnerable: 4.0.0 ... 9.2.0 (74 versions)
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a medi…
- CVE-2021-25977 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 9.2.0 | 2021-10-25
vulnerable: 7.0.0 ... 9.1.1 (24 versions)
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low-privileged user can trigger arbitrary JavaScript execution.
- CVE-2024-55341 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-12-20
vulnerable: 10.0.0 ... 9.2.0 (85 versions)
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with t…
- CVE-2024-55342 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-12-20
vulnerable: 10.0.0 ... 9.2.0 (85 versions)
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts w…