GHSA-jvjp-vh27-r9h5

Suggest an improvement
Source
https://github.com/advisories/GHSA-jvjp-vh27-r9h5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-jvjp-vh27-r9h5/GHSA-jvjp-vh27-r9h5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jvjp-vh27-r9h5
Aliases
Published
2021-10-27T18:53:03Z
Modified
2023-11-08T04:05:19.614848Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site Scripting in PiranhaCMS
Details

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.

Database specific 
{
    "nvd_published_at": "2021-10-25T13:15:00Z",
    "github_reviewed_at": "2021-10-26T17:55:07Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE"
}
References

Affected packages

NuGet / Piranha

Package

Name
Piranha
View open source insights on deps.dev
Purl
pkg:nuget/Piranha

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
9.2.0

Affected versions

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0

8.*

8.0.0
8.0.1
8.0.2
8.1.0
8.2.0
8.3.0
8.4.0
8.4.1
8.4.2

9.*

9.0.0-beta1
9.0.0-rc1
9.0.0-rc2
9.0.0
9.0.1
9.1.0-alpha1
9.1.0-alpha2
9.1.0-beta1
9.1.0
9.1.1