CVE-2021-25977

Name of the Vulnerable Software and Affected Versions PiranhaCMS versions 7.0.0 through 9.1.1

Description The issue is related to stored XSS due to the page title being improperly sanitized. A low privileged user can trigger arbitrary JavaScript execution by creating a page with a specially crafted page title.

Recommendations For PiranhaCMS versions 7.0.0 through 9.1.1, consider sanitizing the page title input to prevent stored XSS attacks. As a temporary workaround, restrict the ability of low privileged users to create pages with custom titles until a proper fix is applied.