GHSA-jvjp-vh27-r9h5

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-jvjp-vh27-r9h5/GHSA-jvjp-vh27-r9h5.json

Aliases

CVE-2021-25977

Published

2021-10-27T18:53:03Z

Modified

2022-11-22T01:02:33.924093Z

Details

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-25977
https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7
https://github.com/PiranhaCMS/piranha.core
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977

Affected packages

NuGet / Piranha

Piranha

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

9.2.0

Affected versions

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.1.0

8.*

8.0.0

8.0.1

8.0.2

8.1.0

8.2.0

8.3.0

8.4.0

8.4.1

8.4.2

9.*

9.0.0

9.0.0-beta1

9.0.0-rc1

9.0.0-rc2

9.0.1

9.1.0

9.1.0-alpha1

9.1.0-alpha2

9.1.0-beta1

9.1.1