Mend Vulnerability Database
Date: October 25, 2021
Details: PiranhaCMS is vulnerable to stored XSS by creating a page with a specially crafted page title.
PoC Details: Go to the pages tab in the management panel as a user that has permission to create new pages. Create a page and insert the payload given below in its title. Press the save button, then click on the pages tab again; the XSS payload is rendered.
<img src=x onerror=alert('XSS')>
Affected Environments: PiranhaCMS versions 7.0.0 to 9.1.1
Prevention: Update to Piranha version 9.2.0
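An added example, not taken from Piranha CMS or from this advisory, showing the stored-title flaw class in JavaScript: a page list built by string concatenation beside one that encodes the title at output time, plus an audit pass for titles that were already saved with markup. The page records, function names and audit pattern are assumptions made for illustration.

```javascript
// Added illustration; not Piranha CMS code. All names here are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored title is concatenated into markup as-is,
// so any tag saved in the title becomes part of the page list.
function renderPageListUnsafe(pages) {
  return pages.map((p) => `<li data-id="${p.id}">${p.title}</li>`).join("\n");
}

// Hardened pattern: every stored field is encoded when it is written out.
function renderPageListSafe(pages) {
  return pages
    .map((p) => `<li data-id="${escapeHtml(p.id)}">${escapeHtml(p.title)}</li>`)
    .join("\n");
}

// Audit pass: return ids of pages whose stored title contains a tag, an
// inline event handler or a javascript: URL. Titles saved before an upgrade
// stay in storage, so they are worth reviewing. A lone "<" is not flagged.
function findSuspiciousTitles(pages) {
  const markup = /<\s*\/?\s*[a-z!][^>]*>|\bon[a-z]+\s*=|javascript:/i;
  return pages.filter((p) => markup.test(String(p.title))).map((p) => p.id);
}

// Constructed sample records; id 2 carries the payload quoted in the PoC.
const samplePages = [
  { id: 1, title: "About us" },
  { id: 2, title: "<img src=x onerror=alert('XSS')>" },
  { id: 3, title: "Q&A: pricing < 10 EUR" },
];

console.log(renderPageListSafe(samplePages));
console.log("Titles to review:", findSuspiciousTitles(samplePages));
```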
Good to know:
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|Low|
|User Interaction (UI):|Required|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Medium|