CVE-2021-25976

Published November 16th, 2021

View on NVD ↗

CVSS v3

8.1

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.

PiranhaCMS/piranha.core

Piranha CMS is the friendly editor-focused CMS for .NET that can be used both as an integrated CMS or as a headless API.

GitHub

2.18K