{"url":"http://public2.vulnerablecode.io/api/packages/59388?format=json","purl":"pkg:nuget/Piranha@9.2.0","type":"nuget","namespace":"","name":"Piranha","version":"9.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48120?format=json","vulnerability_id":"VCID-1unj-6qnb-vqek","summary":"Piranha CMS vulnerable to stored cross-site scripting (XSS)\nA stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.","references":[{"reference_url":"http://piranhacms.org","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://piranhacms.org"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61413","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1427","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14365","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14368","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1433","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14249","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61413"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:35:46Z/"}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-61413/advisory.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:35:46Z/"}],"url":"https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-61413/advisory.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61413","reference_id":"CVE-2025-61413","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61413"},{"reference_url":"https://github.com/advisories/GHSA-3qcp-9v8c-6jp7","reference_id":"GHSA-3qcp-9v8c-6jp7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qcp-9v8c-6jp7"},{"reference_url":"http://piranhacms.org/","reference_id":"piranhacms.org","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:35:46Z/"}],"url":"http://piranhacms.org/"}],"fixed_packages":[],"aliases":["CVE-2025-61413","GHSA-3qcp-9v8c-6jp7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1unj-6qnb-vqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47888?format=json","vulnerability_id":"VCID-a15f-mu3j-k3aw","summary":"PiranhaCMS stored XSS\nPiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57692","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23149","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23039","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23036","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23091","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23135","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57692"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T20:41:52Z/"}],"url":"https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0"},{"reference_url":"https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T20:41:52Z/"}],"url":"https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57692","reference_id":"CVE-2025-57692","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57692"},{"reference_url":"https://github.com/advisories/GHSA-456v-f425-8mcv","reference_id":"GHSA-456v-f425-8mcv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-456v-f425-8mcv"}],"fixed_packages":[],"aliases":["CVE-2025-57692","GHSA-456v-f425-8mcv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a15f-mu3j-k3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56385?format=json","vulnerability_id":"VCID-awgd-kmzv-2yen","summary":"Piranha CMS Cross-site Scripting vulnerability\nA file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55342","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29341","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29251","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29237","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29271","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29307","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55342"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:58:19Z/"}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55342","reference_id":"CVE-2024-55342","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55342"},{"reference_url":"https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html","reference_id":"CVE-2024-55342.HTML","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:58:19Z/"}],"url":"https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html"},{"reference_url":"https://github.com/advisories/GHSA-cmwp-442x-3rcv","reference_id":"GHSA-cmwp-442x-3rcv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cmwp-442x-3rcv"}],"fixed_packages":[],"aliases":["CVE-2024-55342","GHSA-cmwp-442x-3rcv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awgd-kmzv-2yen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41717?format=json","vulnerability_id":"VCID-db47-d6yu-rbcs","summary":"Cross-Site Request Forgery (CSRF)\nPiranhaCMS is vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25976","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27369","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27435","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27502","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27413","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27363","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25976"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:43Z/"}],"url":"https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25976","reference_id":"CVE-2021-25976","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25976"},{"reference_url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976","reference_id":"CVE-2021-25976","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:43Z/"}],"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976"},{"reference_url":"https://github.com/advisories/GHSA-ppq7-88c7-q879","reference_id":"GHSA-ppq7-88c7-q879","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppq7-88c7-q879"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/142004?format=json","purl":"pkg:nuget/Piranha@10.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@10.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/544164?format=json","purl":"pkg:nuget/Piranha@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1unj-6qnb-vqek"},{"vulnerability":"VCID-a15f-mu3j-k3aw"},{"vulnerability":"VCID-awgd-kmzv-2yen"},{"vulnerability":"VCID-ezb7-c8q9-57h1"},{"vulnerability":"VCID-p23h-mjzc-dbdf"},{"vulnerability":"VCID-xhg4-1kpx-sfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@10.0.0"}],"aliases":["CVE-2021-25976","GHSA-ppq7-88c7-q879"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db47-d6yu-rbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56387?format=json","vulnerability_id":"VCID-ezb7-c8q9-57h1","summary":"Piranha CMS Cross-site Scripting vulnerability\nA stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55341","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29307","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29251","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29237","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29271","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29341","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55341"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:53:04Z/"}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55341","reference_id":"CVE-2024-55341","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55341"},{"reference_url":"https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55341.html","reference_id":"CVE-2024-55341.HTML","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-20T19:53:04Z/"}],"url":"https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55341.html"},{"reference_url":"https://github.com/advisories/GHSA-mmx8-vrfg-hfmq","reference_id":"GHSA-mmx8-vrfg-hfmq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmx8-vrfg-hfmq"}],"fixed_packages":[],"aliases":["CVE-2024-55341","GHSA-mmx8-vrfg-hfmq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezb7-c8q9-57h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49496?format=json","vulnerability_id":"VCID-p23h-mjzc-dbdf","summary":"Piranha has stored cross-site scripting (XSS) vulnerability\nA stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.","references":[{"reference_url":"http://piranha.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:15:27Z/"}],"url":"http://piranha.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67291","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10134","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10199","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10219","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10099","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67291"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67291","reference_id":"CVE-2025-67291","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:15:27Z/"}],"url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67291","reference_id":"CVE-2025-67291","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67291"},{"reference_url":"https://github.com/advisories/GHSA-83fp-hh9m-c2jq","reference_id":"GHSA-83fp-hh9m-c2jq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83fp-hh9m-c2jq"}],"fixed_packages":[],"aliases":["CVE-2025-67291","GHSA-83fp-hh9m-c2jq"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p23h-mjzc-dbdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49498?format=json","vulnerability_id":"VCID-xhg4-1kpx-sfb6","summary":"Piranha has stored cross-site scripting (XSS) vulnerability\nA stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.","references":[{"reference_url":"http://piranha.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:16:53Z/"}],"url":"http://piranha.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67290","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10134","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10199","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10219","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10099","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67290"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290","reference_id":"CVE-2025-67290","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T20:16:53Z/"}],"url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67290","reference_id":"CVE-2025-67290","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67290"},{"reference_url":"https://github.com/advisories/GHSA-fw48-7qf9-455m","reference_id":"GHSA-fw48-7qf9-455m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw48-7qf9-455m"}],"fixed_packages":[],"aliases":["CVE-2025-67290","GHSA-fw48-7qf9-455m"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhg4-1kpx-sfb6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41630?format=json","vulnerability_id":"VCID-trm2-j4j9-jbfb","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn PiranhaCMS to are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25977","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51192","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51212","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55198","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55255","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55262","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55252","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25977"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PiranhaCMS/piranha.core"},{"reference_url":"https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:49:30Z/"}],"url":"https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7"},{"reference_url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:49:30Z/"}],"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25977","reference_id":"CVE-2021-25977","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25977"},{"reference_url":"https://github.com/advisories/GHSA-jvjp-vh27-r9h5","reference_id":"GHSA-jvjp-vh27-r9h5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvjp-vh27-r9h5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59388?format=json","purl":"pkg:nuget/Piranha@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1unj-6qnb-vqek"},{"vulnerability":"VCID-a15f-mu3j-k3aw"},{"vulnerability":"VCID-awgd-kmzv-2yen"},{"vulnerability":"VCID-db47-d6yu-rbcs"},{"vulnerability":"VCID-ezb7-c8q9-57h1"},{"vulnerability":"VCID-p23h-mjzc-dbdf"},{"vulnerability":"VCID-xhg4-1kpx-sfb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@9.2.0"}],"aliases":["CVE-2021-25977","GHSA-jvjp-vh27-r9h5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trm2-j4j9-jbfb"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Piranha@9.2.0"}