XSS vulnerabilities reported 12/2024 #2109

Open
gh-at-sqh opened this issue Jan 23, 2025 · 1 comment
@gh-at-sqh

According to GitHub advisory, Piranha CMS (<= 11.1.0) suffers from two XSS vulnerabilities of moderate severity (but not GitHub reviewed).

Notices below are both dated 12/20/2024 and were published in the National Vulnerability Database.

GHSA-cmwp-442x-3rcv
GHSA-mmx8-vrfg-hfmq

Have they been verified and addressed or are there plans and resources to do so?

Thanks!

@tidyui
Member

tidyui commented Jan 23, 2025

We're currently investigating one of them in the issue #2105. Please note that this does not affect Piranha CMS as a whole, it only applies if you use the Markdown editor.

The PDF-related issue has not started investigation, however this does not affect Piranha CMS as a whole either. It is completely configurable what file types you want to support in your application, and if you don't want to include the option to upload PDF-files this can be configured, see https://piranhacms.org/docs/master/content/media for more information.
