GHSA-456v-f425-8mcv

Suggest an improvement
Source
https://github.com/advisories/GHSA-456v-f425-8mcv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-456v-f425-8mcv/GHSA-456v-f425-8mcv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-456v-f425-8mcv
Aliases
Published
2025-09-26T21:30:30Z
Modified
2025-09-26T21:57:25.623788Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
Summary
PiranhaCMS stored XSS
Details

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.

Database specific 
{
    "github_reviewed": true,
    "nvd_published_at": "2025-09-26T20:15:38Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed_at": "2025-09-26T21:39:54Z"
}
References

Affected packages

NuGet / Piranha

Package

Name
Piranha
View open source insights on deps.dev
Purl
pkg:nuget/Piranha

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
12.0

Affected versions

4.*

4.0.0-alpha1
4.0.0-alpha3
4.0.0-alpha4
4.0.0-alpha5
4.0.0-alpha6
4.0.0-alpha7
4.0.0-alpha7-1
4.0.0-alpha8
4.0.0-alpha9
4.0.0-beta1
4.0.0-rc1
4.0.0
4.1.0-alpha1
4.1.0-beta1
4.1.0-beta2
4.1.0
4.1.1
4.2.0-alpha1
4.2.0-alpha2
4.2.0-beta1
4.2.0
4.2.1
4.3.0-beta1
4.3.0

5.*

5.0.0-alpha1
5.0.0-beta1
5.0.0
5.1.0-alpha1
5.1.0-alpha2
5.1.0-beta1
5.1.0
5.1.1
5.1.2
5.2.0-beta1
5.2.0-beta2
5.2.0
5.2.1
5.3.0-beta1
5.3.0
5.3.1
5.4.0

6.*

6.0.0
6.0.1
6.1.0

7.*

7.0.0-alpha1
7.0.0-alpha2
7.0.0-alpha3
7.0.0-beta1
7.0.0-rc1
7.0.0
7.0.1
7.0.2
7.0.3
7.1.0

8.*

8.0.0
8.0.1
8.0.2
8.1.0
8.2.0
8.3.0
8.4.0
8.4.1
8.4.2

9.*

9.0.0-beta1
9.0.0-rc1
9.0.0-rc2
9.0.0
9.0.1
9.1.0-alpha1
9.1.0-alpha2
9.1.0-beta1
9.1.0
9.1.1
9.2.0

10.*

10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.1.0
10.2.0
10.3.0
10.4.0

11.*

11.0.0
11.1.0

12.*

12.0.0