Dotnetfoundation: >> Piranha Cms >> 11.1 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-12-20
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-12-20