Overview
PiranhaCMS versions 7.0.0 to 9.1.1 are vulnerable to stored XSS because the page title is improperly sanitized. By creating a page with a specially crafted page title, a low-privileged user can trigger arbitrary JavaScript execution.
Details
PiranhaCMS is vulnerable to stored XSS by creating a page with a specially crafted page title.
PoC Details
Go to the pages tab in the management panel as a user that has permission to create new pages. Create a page and insert the payload given below in its title. Press the save button, then click on the pages tab again; it is possible to see that the XSS payload was rendered.
PoC Code
<img src=x onerror=alert('XSS')>
Affected Environments
PiranhaCMS versions 7.0.0 to 9.1.1
Prevention
Update to Piranha version 9.2.0
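The class of defect described above, shown as an added example that is not PiranhaCMS code: a stored page title concatenated into markup unchanged, the same title encoded at render time, and a helper for auditing stored titles for tag-like markup. All function names and the sample pages are hypothetical and constructed for illustration.

```javascript
// Added illustration; not PiranhaCMS code. All names are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored title is placed into markup unchanged,
// so any tags it contains are parsed by the browser.
function renderTitleUnsafe(title) {
  return '<span class="title">' + title + '</span>';
}

// Hardened pattern: the title is encoded at output time and can only
// ever be displayed as text.
function renderTitleEncoded(title) {
  return '<span class="title">' + escapeHtml(title) + '</span>';
}

// Audit helper: return ids of pages whose stored title contains something
// that looks like the start of an HTML tag ("<" followed by a letter).
function findSuspiciousTitles(pages) {
  const tagStart = /<\/?[a-z]/i;
  return pages.filter((p) => tagStart.test(p.title)).map((p) => p.id);
}

// Constructed sample data; id 2 carries the title from the PoC above.
const samplePages = [
  { id: 1, title: 'About us' },
  { id: 2, title: "<img src=x onerror=alert('XSS')>" },
  { id: 3, title: 'Q&A: 3 < 5' },
];

for (const page of samplePages) {
  console.log(page.id, renderTitleEncoded(page.title));
}
console.log('titles to review:', findSuspiciousTitles(samplePages));
```

The audit helper is a review aid for titles already in storage; encoding at output is what keeps a title from being parsed as markup.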