GHSA-cmwp-442x-3rcv

Source

https://github.com/advisories/GHSA-cmwp-442x-3rcv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-cmwp-442x-3rcv/GHSA-cmwp-442x-3rcv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cmwp-442x-3rcv

Aliases

CVE-2024-55342

Published

2024-12-20T21:30:46Z

Modified

2024-12-20T22:12:25.982386Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVSS Calculator

Summary

Piranha CMS Cross-site Scripting vulnerability

Details

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2024-12-20T19:15:08Z",
    "github_reviewed_at": "2024-12-20T21:54:12Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

NuGet / Piranha

Package

Name: Piranha; View open source insights on deps.dev
Purl: pkg:nuget/Piranha

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

11.1.0

Affected versions

4.*

4.0.0-alpha1

4.0.0-alpha3

4.0.0-alpha4

4.0.0-alpha5

4.0.0-alpha6

4.0.0-alpha7

4.0.0-alpha7-1

4.0.0-alpha8

4.0.0-alpha9

4.0.0-beta1

4.0.0-rc1

4.0.0

4.1.0-alpha1

4.1.0-beta1

4.1.0-beta2

4.1.0

4.1.1

4.2.0-alpha1

4.2.0-alpha2

4.2.0-beta1

4.2.0

4.2.1

4.3.0-beta1

4.3.0

5.*

5.0.0-alpha1

5.0.0-beta1

5.0.0

5.1.0-alpha1

5.1.0-alpha2

5.1.0-beta1

5.1.0

5.1.1

5.1.2

5.2.0-beta1

5.2.0-beta2

5.2.0

5.2.1

5.3.0-beta1

5.3.0

5.3.1

5.4.0

6.*

6.0.0

6.0.1

6.1.0

7.*

7.0.0-alpha1

7.0.0-alpha2

7.0.0-alpha3

7.0.0-beta1

7.0.0-rc1

7.0.0

7.0.1

7.0.2

7.0.3

7.1.0

8.*

8.0.0

8.0.1

8.0.2

8.1.0

8.2.0

8.3.0

8.4.0

8.4.1

8.4.2

9.*

9.0.0-beta1

9.0.0-rc1

9.0.0-rc2

9.0.0

9.0.1

9.1.0-alpha1

9.1.0-alpha2

9.1.0-beta1

9.1.0

9.1.1

9.2.0

10.*

10.0.0

10.0.1

10.0.2

10.0.3

10.0.4

10.1.0

10.2.0

10.3.0

10.4.0

11.*

11.0.0

11.1.0