Dotnetfoundation Piranha Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Dotnetfoundation Piranha Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-25976 — CVSS 8.1 (high): In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported…
CVE-2025-57692 — CVSS 6.8 (medium): PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution…
CVE-2025-61413 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute…
CVE-2025-67290 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary…
CVE-2025-67291 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web…
CVE-2021-25977 — CVSS 5.4 (medium): In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a…
CVE-2024-55341 — CVSS 4.7 (medium): A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web…
CVE-2024-55342 — CVSS 4.7 (medium): A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This…