{"id":"GHSA-cmwp-442x-3rcv","summary":"Piranha CMS Cross-site Scripting vulnerability","details":"The file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, resulting in a cross-site scripting (XSS) vulnerability.","aliases":["CVE-2024-55342"],"modified":"2024-12-20T22:12:25.982386Z","published":"2024-12-20T21:30:46Z","database_specific":{"nvd_published_at":"2024-12-20T19:15:08Z","github_reviewed_at":"2024-12-20T21:54:12Z","severity":"MODERATE","github_reviewed":true,"cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55342"},{"type":"PACKAGE","url":"https://github.com/PiranhaCMS/piranha.core"},{"type":"WEB","url":"https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html"}],"affected":[{"package":{"name":"Piranha","ecosystem":"NuGet","purl":"pkg:nuget/Piranha"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"11.1.0"}]}],"versions":["10.0.0","10.0.1","10.0.2","10.0.3","10.0.4","10.1.0","10.2.0","10.3.0","10.4.0","11.0.0","11.1.0","4.0.0","4.0.0-alpha1","4.0.0-alpha3","4.0.0-alpha4","4.0.0-alpha5","4.0.0-alpha6","4.0.0-alpha7","4.0.0-alpha7-1","4.0.0-alpha8","4.0.0-alpha9","4.0.0-beta1","4.0.0-rc1","4.1.0","4.1.0-alpha1","4.1.0-beta1","4.1.0-beta2","4.1.1","4.2.0","4.2.0-alpha1","4.2.0-alpha2","4.2.0-beta1","4.2.1","4.3.0","4.3.0-beta1","5.0.0","5.0.0-alpha1","5.0.0-beta1","5.1.0","5.1.0-alpha1","5.1.0-alpha2","5.1.0-beta1","5.1.1","5.1.2","5.2.0","5.2.0-beta1","5.2.0-beta2","5.2.1","5.3.0","5.3.0-beta1","5.3.1","5.4.0","6.0.0","6.0.1","6.1.0","7.0.0","7.0.0-alpha1","7.0.0-alpha2","7.0.0-alpha3","7.0.0-beta1","7.0.0-rc1","7.0.1","7.0.2","7.0.3","7.1.0","8.0.0","8.0.1","8.0.2","8.1.0","8.2.0","8.3.0","8.4.0","8.4.1","8.4.2","9.0.0","9.0.0-beta1","9.0.0-rc1","9.0.0-rc2","9.0.1","9.1.0","9.1
.0-alpha1","9.1.0-alpha2","9.1.0-beta1","9.1.1","9.2.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-cmwp-442x-3rcv/GHSA-cmwp-442x-3rcv.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}]}