
exploitDog


GHSA-cmwp-442x-3rcv

Published: 20 Dec 2024
Source: github
Github: Reviewed
CVSS3: 4.7

Description

Piranha CMS Cross-site Scripting vulnerability

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS vulnerability.

Packages

Name: Piranha (nuget)
Affected versions: <= 11.1.0
Fixed version: None

EPSS

Percentile: 24%
0.00082
Low

4.7 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.7
nvd
about 1 year ago

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS vulnerability.
