Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Piranha@7.0.2
Typenuget
Namespace
NamePiranha
Version7.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1unj-6qnb-vqek
vulnerability_id VCID-1unj-6qnb-vqek
summary 
Piranha CMS vulnerable to stored cross-site scripting (XSS)
A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.
references
0
reference_url http://piranhacms.org
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://piranhacms.org
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61413
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.1427
published_at 2026-06-09T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14365
published_at 2026-06-05T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14368
published_at 2026-06-06T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.1433
published_at 2026-06-07T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.14249
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61413
2
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:35:46Z/
url https://github.com/PiranhaCMS/piranha.core
3
reference_url https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-61413/advisory.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:35:46Z/
url https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-61413/advisory.md
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61413
reference_id CVE-2025-61413
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61413
5
reference_url https://github.com/advisories/GHSA-3qcp-9v8c-6jp7
reference_id GHSA-3qcp-9v8c-6jp7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qcp-9v8c-6jp7
6
reference_url http://piranhacms.org/
reference_id piranhacms.org
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:35:46Z/
url http://piranhacms.org/
fixed_packages
aliases CVE-2025-61413, GHSA-3qcp-9v8c-6jp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1unj-6qnb-vqek
1
url VCID-a15f-mu3j-k3aw
vulnerability_id VCID-a15f-mu3j-k3aw
summary 
PiranhaCMS stored XSS
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57692
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23149
published_at 2026-06-05T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23039
published_at 2026-06-09T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23036
published_at 2026-06-08T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23091
published_at 2026-06-07T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.23135
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57692
1
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PiranhaCMS/piranha.core
2
reference_url https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T20:41:52Z/
url https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
3
reference_url https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T20:41:52Z/
url https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57692
reference_id CVE-2025-57692
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57692
5
reference_url https://github.com/advisories/GHSA-456v-f425-8mcv
reference_id GHSA-456v-f425-8mcv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-456v-f425-8mcv
fixed_packages
aliases CVE-2025-57692, GHSA-456v-f425-8mcv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a15f-mu3j-k3aw
2
url VCID-awgd-kmzv-2yen
vulnerability_id VCID-awgd-kmzv-2yen
summary 
Piranha CMS Cross-site Scripting vulnerability
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55342
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29341
published_at 2026-06-05T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29251
published_at 2026-06-09T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29237
published_at 2026-06-08T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29271
published_at 2026-06-07T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29307
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55342
1
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:58:19Z/
url https://github.com/PiranhaCMS/piranha.core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55342
reference_id CVE-2024-55342
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55342
3
reference_url https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html
reference_id CVE-2024-55342.HTML
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:58:19Z/
url https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html
4
reference_url https://github.com/advisories/GHSA-cmwp-442x-3rcv
reference_id GHSA-cmwp-442x-3rcv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmwp-442x-3rcv
fixed_packages
aliases CVE-2024-55342, GHSA-cmwp-442x-3rcv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awgd-kmzv-2yen
3
url VCID-db47-d6yu-rbcs
vulnerability_id VCID-db47-d6yu-rbcs
summary 
Cross-Site Request Forgery (CSRF)
PiranhaCMS is vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25976
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27369
published_at 2026-06-09T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27435
published_at 2026-06-04T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27502
published_at 2026-06-05T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27452
published_at 2026-06-06T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.27413
published_at 2026-06-07T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.27363
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25976
1
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PiranhaCMS/piranha.core
2
reference_url https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:43Z/
url https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25976
reference_id CVE-2021-25976
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25976
4
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976
reference_id CVE-2021-25976
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:43Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976
5
reference_url https://github.com/advisories/GHSA-ppq7-88c7-q879
reference_id GHSA-ppq7-88c7-q879
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppq7-88c7-q879
fixed_packages
0
url pkg:nuget/Piranha@10.0.0-alpha1
purl pkg:nuget/Piranha@10.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@10.0.0-alpha1
1
url pkg:nuget/Piranha@10.0.0
purl pkg:nuget/Piranha@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1unj-6qnb-vqek
1
vulnerability VCID-a15f-mu3j-k3aw
2
vulnerability VCID-awgd-kmzv-2yen
3
vulnerability VCID-ezb7-c8q9-57h1
4
vulnerability VCID-p23h-mjzc-dbdf
5
vulnerability VCID-xhg4-1kpx-sfb6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@10.0.0
aliases CVE-2021-25976, GHSA-ppq7-88c7-q879
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db47-d6yu-rbcs
4
url VCID-ezb7-c8q9-57h1
vulnerability_id VCID-ezb7-c8q9-57h1
summary 
Piranha CMS Cross-site Scripting vulnerability
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55341
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29307
published_at 2026-06-06T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29251
published_at 2026-06-09T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29237
published_at 2026-06-08T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29271
published_at 2026-06-07T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29341
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55341
1
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:53:04Z/
url https://github.com/PiranhaCMS/piranha.core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55341
reference_id CVE-2024-55341
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55341
3
reference_url https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55341.html
reference_id CVE-2024-55341.HTML
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:53:04Z/
url https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55341.html
4
reference_url https://github.com/advisories/GHSA-mmx8-vrfg-hfmq
reference_id GHSA-mmx8-vrfg-hfmq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmx8-vrfg-hfmq
fixed_packages
aliases CVE-2024-55341, GHSA-mmx8-vrfg-hfmq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezb7-c8q9-57h1
5
url VCID-p23h-mjzc-dbdf
vulnerability_id VCID-p23h-mjzc-dbdf
summary 
Piranha has stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
references
0
reference_url http://piranha.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:15:27Z/
url http://piranha.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67291
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10134
published_at 2026-06-09T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10199
published_at 2026-06-05T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10219
published_at 2026-06-06T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10186
published_at 2026-06-07T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.10099
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67291
2
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/PiranhaCMS/piranha.core
3
reference_url https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67291
reference_id CVE-2025-67291
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:15:27Z/
url https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67291
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67291
reference_id CVE-2025-67291
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67291
5
reference_url https://github.com/advisories/GHSA-83fp-hh9m-c2jq
reference_id GHSA-83fp-hh9m-c2jq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83fp-hh9m-c2jq
fixed_packages
aliases CVE-2025-67291, GHSA-83fp-hh9m-c2jq
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p23h-mjzc-dbdf
6
url VCID-trm2-j4j9-jbfb
vulnerability_id VCID-trm2-j4j9-jbfb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In PiranhaCMS to are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25977
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51192
published_at 2026-06-08T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51212
published_at 2026-06-09T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.55198
published_at 2026-06-04T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.55255
published_at 2026-06-05T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.55262
published_at 2026-06-06T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.55252
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25977
1
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PiranhaCMS/piranha.core
2
reference_url https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:49:30Z/
url https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7
3
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:49:30Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25977
reference_id CVE-2021-25977
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25977
5
reference_url https://github.com/advisories/GHSA-jvjp-vh27-r9h5
reference_id GHSA-jvjp-vh27-r9h5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvjp-vh27-r9h5
fixed_packages
0
url pkg:nuget/Piranha@9.2.0
purl pkg:nuget/Piranha@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1unj-6qnb-vqek
1
vulnerability VCID-a15f-mu3j-k3aw
2
vulnerability VCID-awgd-kmzv-2yen
3
vulnerability VCID-db47-d6yu-rbcs
4
vulnerability VCID-ezb7-c8q9-57h1
5
vulnerability VCID-p23h-mjzc-dbdf
6
vulnerability VCID-xhg4-1kpx-sfb6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@9.2.0
aliases CVE-2021-25977, GHSA-jvjp-vh27-r9h5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trm2-j4j9-jbfb
7
url VCID-xhg4-1kpx-sfb6
vulnerability_id VCID-xhg4-1kpx-sfb6
summary 
Piranha has stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
references
0
reference_url http://piranha.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:16:53Z/
url http://piranha.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67290
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10134
published_at 2026-06-09T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10199
published_at 2026-06-05T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10219
published_at 2026-06-06T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10186
published_at 2026-06-07T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.10099
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67290
2
reference_url https://github.com/PiranhaCMS/piranha.core
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/PiranhaCMS/piranha.core
3
reference_url https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290
reference_id CVE-2025-67290
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:16:53Z/
url https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67290
reference_id CVE-2025-67290
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67290
5
reference_url https://github.com/advisories/GHSA-fw48-7qf9-455m
reference_id GHSA-fw48-7qf9-455m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fw48-7qf9-455m
fixed_packages
aliases CVE-2025-67290, GHSA-fw48-7qf9-455m
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhg4-1kpx-sfb6
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@7.0.2