CVE-2024-55341
Desc : An authenticated remote attacker could inject a malicious JavaScript code in the /manager/pages
endpoint of Piranha CMS 11.1 as a markdown content which could be executed in the web browser of a victim user.
Steps To Reproduce:
1. Login via the manager endpoint :: /manager/login
2. Navigate to the "Pages" Content
3. Click "Add Page" > "Standard Page"
4. Add Page title to whatever you like
5. Click [+] button and select "Markdown" under "Content"
6. Use payload: "<img src=x onerror=alert(document.cookie) />", to get cookies and you should get a pop-up