Publish Advisories

GHSA-cmwp-442x-3rcv GHSA-mmx8-vrfg-hfmq
github · Dec 20, 2024 · f038fab · f038fab
1 parent c26eee6
commit f038fab
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 10 deletions.
diff --git a/...A-cmwp-442x-3rcv/GHSA-cmwp-442x-3rcv.json → ...A-cmwp-442x-3rcv/GHSA-cmwp-442x-3rcv.json b/...A-cmwp-442x-3rcv/GHSA-cmwp-442x-3rcv.json → ...A-cmwp-442x-3rcv/GHSA-cmwp-442x-3rcv.json
@@ -1,26 +1,47 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cmwp-442x-3rcv",
-  "modified": "2024-12-20T21:30:46Z",
+  "modified": "2024-12-20T21:54:12Z",
   "published": "2024-12-20T21:30:46Z",
   "aliases": [
     "CVE-2024-55342"
   ],
+  "summary": "Piranha CMS Cross-site Scripting vulnerability",
   "details": "A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "NuGet",
+        "name": "Piranha"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "11.1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55342"
     },
     {
-      "type": "WEB",
+      "type": "PACKAGE",
       "url": "https://github.com/PiranhaCMS/piranha.core"
     },
     {
@@ -33,8 +54,8 @@
       "CWE-79"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-12-20T21:54:12Z",
     "nvd_published_at": "2024-12-20T19:15:08Z"
   }
 }
diff --git a/...A-mmx8-vrfg-hfmq/GHSA-mmx8-vrfg-hfmq.json → ...A-mmx8-vrfg-hfmq/GHSA-mmx8-vrfg-hfmq.json b/...A-mmx8-vrfg-hfmq/GHSA-mmx8-vrfg-hfmq.json → ...A-mmx8-vrfg-hfmq/GHSA-mmx8-vrfg-hfmq.json
@@ -1,26 +1,47 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mmx8-vrfg-hfmq",
-  "modified": "2024-12-20T21:30:46Z",
+  "modified": "2024-12-20T21:54:33Z",
   "published": "2024-12-20T21:30:46Z",
   "aliases": [
     "CVE-2024-55341"
   ],
+  "summary": "Piranha CMS Cross-site Scripting vulnerability",
   "details": "A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "NuGet",
+        "name": "Piranha"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "11.1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55341"
     },
     {
-      "type": "WEB",
+      "type": "PACKAGE",
       "url": "https://github.com/PiranhaCMS/piranha.core"
     },
     {
@@ -33,8 +54,8 @@
       "CWE-79"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-12-20T21:54:33Z",
     "nvd_published_at": "2024-12-20T20:15:23Z"
   }
 }