Lucene search
MendCVELIST:CVE-2021-25977HistoryOct 25, 2021 - 1:10 p.m.
CVE-2021-25977 Piranha CMS - Stored XSS in Page Title
2021-10-2513:10:10
CWE-79
Mend
www.cve.org
2
cve-2021-25977
piranhacms
stored xss
page title
vulnerability
javascript execution
low privileged user
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
19.5%
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CNA Affected
[
{
"product": "Piranha",
"vendor": "PiranhaCMS",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
PiranhaCMS Cross-Site Scripting Vulnerability
2021-10-28 00:00:00
osv
osv
Cross-site Scripting in PiranhaCMS
2021-10-27 18:53:03
CVE-2021-25977
2021-10-25 13:15:07
cve
cve
CVE-2021-25977
2021-10-25 13:15:07
nvd
nvd
CVE-2021-25977
2021-10-25 13:15:07
prion
prion
Design/Logic Flaw
2021-10-25 13:15:00
github
github
Cross-site Scripting in PiranhaCMS
2021-10-27 18:53:03
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
19.5%
Related for CVELIST:CVE-2021-25977