Moderate severityNVD Advisory· Published Oct 25, 2021· Updated Apr 30, 2025
Piranha CMS - Stored XSS in Page Title
CVE-2021-25977
Description
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PiranhaNuGet | >= 7.0.0, < 9.2.0 | 9.2.0 |
Affected products
2- Range: 7.0.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-jvjp-vh27-r9h5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25977ghsaADVISORY
- github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7ghsax_refsource_MISCWEB
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.