PT-2024-36510 · Unknown · Piranha Cms

Published: 2024-12-20 · Updated: 2024-12-20 · CVE-2024-55342

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Piranha CMS version 11.1
Description: The file upload functionality in Piranha CMS allows authenticated remote attackers to upload a crafted PDF file to "/manager/media". The PDF can contain malicious JavaScript code that is executed when a victim user opens or interacts with the PDF in their web browser, resulting in an XSS vulnerability.
Recommendations: For Piranha CMS version 11.1, as a temporary workaround, consider disabling the file upload functionality to "/manager/media" until a patch is available. Restrict access to the "/manager/media" endpoint to minimize the risk of exploitation. Avoid using the file upload feature in Piranha CMS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
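The description explains the mechanism (a PDF carrying JavaScript, uploaded through the media manager and later rendered by a browser) but not how an operator can screen uploads or serve stored media so that a scripted PDF is not executed in the site's origin. The Python below is an added example written for this page; it is not code from Positive Technologies or from the Piranha CMS project. The function names, the sample PDF bytes and the header policy are all constructed assumptions, and the PDF scan is a byte-level heuristic rather than a full parser.

```python
"""Defensive checks for PDF media uploads (hypothetical helpers, not Piranha CMS code).

Two controls are shown:
  1. classify an uploaded PDF by the action/script name tokens it contains, and
  2. build response headers that make the browser download stored media
     instead of rendering it inline in the site's origin.
"""
import re

# PDF name tokens that introduce script or auto-run behaviour. Names may be
# written with #xx hex escapes (e.g. /Java#53cript), so input is un-escaped first.
SCRIPT_NAMES = ("/JavaScript", "/JS", "/Launch")     # reject outright
AUTORUN_NAMES = ("/OpenAction", "/AA")               # can be benign (GoTo), so review
SUSPICIOUS_NAMES = SCRIPT_NAMES + AUTORUN_NAMES

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME_TOKEN = re.compile(rb"/[^\s/\[\]<>(){}%]*")
_SAFE_FILENAME = re.compile(r"[^A-Za-z0-9._-]")

# Constructed sample inputs for demonstration (not real uploads).
CLEAN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n%%EOF\n")
REVIEW_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction [3 0 R /Fit] >> "
              b"endobj\n%%EOF\n")
SCRIPTED_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction "
                b"<< /S /JavaScript /JS (app.alert(1)) >> >> endobj\n%%EOF\n")
ESCAPED_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction "
               b"<< /S /Java#53cript /#4AS (app.alert(1)) >> >> endobj\n%%EOF\n")


def _unescape_names(data: bytes) -> bytes:
    """Resolve #xx escapes so obfuscated name tokens compare equal to plain ones."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def find_active_content(pdf_bytes: bytes) -> list:
    """Return suspicious name tokens found in a PDF, in order of first appearance.

    Heuristic only: it sees actions written in plain object syntax but cannot
    look inside compressed object streams, so treat it as a first-stage filter.
    """
    if not pdf_bytes.startswith(b"%PDF-"):
        raise ValueError("not a PDF: missing %PDF- header")
    data = _unescape_names(pdf_bytes)
    found = []
    for match in _NAME_TOKEN.finditer(data):
        token = match.group(0).decode("latin-1")
        if token in SUSPICIOUS_NAMES and token not in found:
            found.append(token)
    return found


def classify_upload(pdf_bytes: bytes) -> str:
    """'reject' for script/launch actions, 'review' for auto-run only, else 'accept'."""
    found = find_active_content(pdf_bytes)
    if any(name in SCRIPT_NAMES for name in found):
        return "reject"
    if any(name in AUTORUN_NAMES for name in found):
        return "review"
    return "accept"


def safe_download_headers(filename: str) -> dict:
    """Headers for serving stored media as a download rather than an inline page.

    Content-Disposition: attachment stops in-browser rendering, nosniff stops
    MIME guessing, and a CSP sandbox denies script in case a viewer still renders it.
    """
    clean = _SAFE_FILENAME.sub("_", filename) or "download.pdf"
    return {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'attachment; filename="{clean}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PDF), ("review", REVIEW_PDF),
                          ("scripted", SCRIPTED_PDF), ("escaped", ESCAPED_PDF)):
        print(label, classify_upload(sample), find_active_content(sample))
    print(safe_download_headers('report".pdf'))
```

The two controls are independent: the classifier keeps scripted files out of the media store, and the headers limit what a browser will do with anything that does get stored or that a later upload path misses. The hex-escape handling matters because a plain substring search for `/JavaScript` would miss `/Java#53cript`.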

Exploit: XSS

Weakness Enumeration

Related Identifiers

CVE-2024-55342
GHSA-CMWP-442X-3RCV

Affected Products

Piranha Cms