In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25977
https://github.com/PiranhaCMS/piranha.core/commit/543bc53c7dbd28c793ec960b57fb0e716c6b18d7
Source: Mitre, NVD
Published: 2021-10-25
Updated: 2026-06-17
Base Score: 3.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: Medium
EPSS: 0.00302