Vulnerabilities > Dotnetfoundation > Piranha CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-16 | CVE-2021-25976 | Cross-Site Request Forgery (CSRF) vulnerability in Dotnetfoundation Piranha CMS In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | 8.1 |
| 2021-10-25 | CVE-2021-25977 | Cross-site Scripting vulnerability in Dotnetfoundation Piranha CMS In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. | 5.4 |