dotnetfoundation CVE Vulnerabilities & Metrics

Focus on dotnetfoundation vulnerabilities and metrics.

Last updated: 27 Apr 2025, 22:25 UTC

About dotnetfoundation Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dotnetfoundation. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dotnetfoundation CVEs: 5
Earliest CVE date: 25 Oct 2021, 13:15 UTC
Latest CVE date: 20 Dec 2024, 20:15 UTC

Latest CVE reference: CVE-2024-55341

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dotnetfoundation CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.04

Max CVSS: 4.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dotnetfoundation CVEs

These are the five CVEs with the highest CVSS scores for dotnetfoundation, sorted by severity first and recency.

CVE-2021-25976 dotnetfoundation Published on 16 Nov 2021, 09:15 UTC (CVSS: 4.0)
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.
CVE-2021-25977 dotnetfoundation Published on 25 Oct 2021, 13:15 UTC (CVSS: 3.5)
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
CVE-2022-4952 dotnetfoundation Published on 17 Jul 2023, 02:15 UTC (CVSS: 2.7)
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is id...
CVE-2024-55341 dotnetfoundation Published on 20 Dec 2024, 20:15 UTC (CVSS: 0)
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.
CVE-2024-55342 dotnetfoundation Published on 20 Dec 2024, 19:15 UTC (CVSS: 0)
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.

All CVEs for dotnetfoundation

CVE-2024-55341 dotnetfoundation vulnerability CVSS: 0 20 Dec 2024, 20:15 UTC

A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload.

CVE-2024-55342 dotnetfoundation vulnerability CVSS: 0 20 Dec 2024, 19:15 UTC

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.

CVE-2022-4952 dotnetfoundation vulnerability CVSS: 2.7 17 Jul 2023, 02:15 UTC

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.

CVE-2021-25976 dotnetfoundation vulnerability CVSS: 4.0 16 Nov 2021, 09:15 UTC

In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.

CVE-2021-25977 dotnetfoundation vulnerability CVSS: 3.5 25 Oct 2021, 13:15 UTC

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.