GHSA-jvjp-vh27-r9h5

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-jvjp-vh27-r9h5/GHSA-jvjp-vh27-r9h5.json
Aliases
  • CVE-2021-25977
Published
2021-10-27T18:53:03Z
Modified
2022-11-22T01:02:33.924093Z
Details

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.

References

Affected packages

NuGet / Piranha

Piranha

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
9.2.0

Affected versions

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0

8.*

8.0.0
8.0.1
8.0.2
8.1.0
8.2.0
8.3.0
8.4.0
8.4.1
8.4.2

9.*

9.0.0
9.0.0-beta1
9.0.0-rc1
9.0.0-rc2
9.0.1
9.1.0
9.1.0-alpha1
9.1.0-alpha2
9.1.0-beta1
9.1.1