CVE-2024-55342

Description

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.

PUBLISHED Reserved 2024-12-06 | Published 2024-12-20 | Updated 2024-12-20 | Assigner mitre

References

github.com/PiranhaCMS/piranha.core

sec-fortress.github.io/...articles/posts/CVE-2024-55342.html

cve.org (CVE-2024-55342)

nvd.nist.gov (CVE-2024-55342)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.