CVE-2024-55341

Name of the Vulnerable Software and Affected Versions Piranha CMS version 11.1

Description A stored cross-site scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by creating a page via the "/manager/pages" endpoint and then adding markdown content with the XSS payload.

Recommendations For Piranha CMS version 11.1, as a temporary workaround, consider restricting access to the "/manager/pages" endpoint to minimize the risk of exploitation. Additionally, avoid using markdown content that may contain XSS payloads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.