Vulnerability Details CVE-2021-25977
PiranhaCMS versions 7.0.0 to 9.1.1 are vulnerable to stored XSS because the page title is improperly sanitized. By creating a page with a specially crafted page title, a low-privileged user can trigger arbitrary JavaScript execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2021-25977
- cpe:2.3:a:dotnetfoundation:piranha_cms:7.0.0
- cpe:2.3:a:dotnetfoundation:piranha_cms:8.1
- cpe:2.3:a:dotnetfoundation:piranha_cms:8.2
- cpe:2.3:a:dotnetfoundation:piranha_cms:8.3
- cpe:2.3:a:dotnetfoundation:piranha_cms:8.4
- cpe:2.3:a:dotnetfoundation:piranha_cms:9.0
- cpe:2.3:a:dotnetfoundation:piranha_cms:9.1
- cpe:2.3:a:dotnetfoundation:piranha_cms:9.1.1