Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Piranha CMS - Stored XSS in Page Title
Vulnerability Description
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
PiranhaCms 跨站脚本漏洞
Vulnerability Description
PiranhaCms是一个用作 .Net5 的友好的以编辑器为中心的 Cms。用于集成 Cms 或无头 Api。 PiranhaCMS 7.0.0 到 9.1.1 版本中存在安全漏洞,该漏洞源于页面标题未正确清理而容易受到存储型 XSS 的攻击。通过创建带有特制页面标题的页面,低权限用户可以触发任意 JavaScript 执行。
CVSS Information
N/A
Vulnerability Type
N/A