Piranha Cms

piranha_cms

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67291 1Dotnetfoundation 1Piranha Cms Jan 2, 2026 Dec 22, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
CVE-2025-67290 1Dotnetfoundation 1Piranha Cms Jan 2, 2026 Dec 22, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
CVE-2025-61413 1Dotnetfoundation 1Piranha Cms Dec 31, 2025 Oct 23, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into th...Show more A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.Show less
CVE-2025-57692 1Dotnetfoundation 1Piranha Cms Oct 7, 2025 Sep 26, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
CVE-2024-55341 1Dotnetfoundation 1Piranha Cms Apr 21, 2025 Dec 20, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a mark...Show more A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.Show less
CVE-2024-55342 1Dotnetfoundation 1Piranha Cms Apr 18, 2025 Dec 20, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user o...Show more A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.Show less
CVE-2021-25976 1Dotnetfoundation 1Piranha Cms Nov 21, 2024 Nov 16, 2021 N/A· v4 8.1 HIGH· v3 4.0 MEDIUM· v2 In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a po...Show more In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.Show less
CVE-2021-25977 1Dotnetfoundation 1Piranha Cms Nov 21, 2024 Oct 25, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScri...Show more In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.Show less