{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "4.0.1" }, { "last_affected": "9.2" }, { "introduced": "0" }, { "last_affected": "4.0.0-NA" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha1" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha3" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha4" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha5" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha6" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha7" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha8" }, { "introduced": "0" }, { "last_affected": "4.0.0-alpha9" }, { "introduced": "0" }, { "last_affected": "4.0.0-beta1" }, { "introduced": "0" }, { "last_affected": "4.0.0-rc1" } ] }, "events": [ { "introduced": "c5b65aad9762e144bb9adfad317fa34b7dcf97b6" }, { "last_affected": "22a84b85fd30946b4ca93240e51c38d23e694acc" }, { "introduced": "0" }, { "last_affected": "504e9a51c72e517cad14f3f8bfc7dcc65879d769" }, { "introduced": "0" }, { "last_affected": "91bc55f696e01bd3bafac3b904a3e355c97bdc7e" }, { "introduced": "0" }, { "last_affected": "427d71bcb62769e135cc814c4e850ee2f806976a" }, { "introduced": "0" }, { "last_affected": "cbc40b4812a6d7c0c8bd51129c1b330cb538cda4" }, { "introduced": "0" }, { "last_affected": "80be7e6155994d61b4b2b53532d76d9b98286ae4" }, { "introduced": "0" }, { "last_affected": "0ed1ffb3c87be6b57c1a3b225f9930f565ec1db7" }, { "introduced": "0" }, { "last_affected": "11d71fbb50637aa5fc44442d35dcd66cb9dbfd07" }, { "introduced": "0" }, { "last_affected": "369b4a65aefe9a202da4e56cb9a11d3e1a1e6d7c" }, { "introduced": "0" }, { "last_affected": "3bf3c99df291487e6e60b0a9bfaa96111382486f" }, { "introduced": "0" }, { "last_affected": "83016dbde65276e8c09ef67c7d163dedaff591ba" }, { "introduced": "0" }, { "last_affected": "9d7722e6b0e85f8e7c3be20fe1189ff04457db31" }, { "fixed": "e42abacdd0dd880ce9cf6607efcc24646ac82eda" } ], "repo": "https://github.com/piranhacms/piranha.core", "type": "GIT" } ] } ], "details": "In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.", "id": "CVE-2021-25976", "modified": "2026-03-13T21:51:28.634008208Z", "published": "2021-11-16T09:15:06.717Z", "references": [ { "type": "ADVISORY", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976" }, { "type": "FIX", "url": "https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "type": "CVSS_V3" } ] }