CVE-2021-25977

Publication date

2021-10-25 13:10:10

Family

Mend

State

PUBLISHED

Description

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.