CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

Cross-site Scripting (XSS)

Overview piranha is an a complete rewrite of Piranha CMS for .NET Core. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Excerpt field in the Page Settings module. An authenticated attacker can execute arbitrary web scripts or HTML by injecting a crafted payloa...

GHSA-FW48-7QF9-455M Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

Piranha CMS 安全漏洞

Piranha CMS is Piranha CMS open source a friendly editor-centric CMS used as . A security vulnerability exists in Piranha CMS that stems from the injection of a specially crafted payload into the Excerpt field that could lead to the execution of arbitrary web script or HTML...

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

CVE-2025-67290

The CVE-2025-67290 issue is a stored XSS in Piranha CMS v12.1, specifically in the Page Settings Excerpt field. The vulnerability allows an attacker to inject arbitrary web scripts/HTML that are stored and later rendered to users, enabling script execution in the browser. Affected component: Page...

PT-2025-52684

Name of the Vulnerable Software and Affected Versions Piranha CMS version 12.1 Description A stored cross-site scripting XSS issue exists in the Page Settings module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Excerpt field...

CVE-2023-53911

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

PT-2025-51949

Name of the Vulnerable Software and Affected Versions Textpattern CMS version 4.8.8 Description Textpattern CMS contains a stored cross-site scripting issue in the article excerpt field. Authenticated users can inject malicious scripts into the excerpt. When an article is viewed by other users, t...

EUVD-2022-40293

Malicious code in bioql PyPI...

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin 1. Use any type of role as long as you permit it the action to Add Events. 2. Add a n...

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

Cross site scripting

Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

CVE-2022-37679

Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...

PT-2022-24038 · Unknown · Miniblog.Core

Name of the Vulnerable Software and Affected Versions: Miniblog.Core version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field in the "/blog/edit" API endpoint. This enables the execution of malicious code on...

madskristensen Miniblog.Core 跨站脚本漏洞

madskristensen Miniblog.Core is a blogging engine built on ASP.NET Core. A security vulnerability exists in madskristensen Miniblog.Core v1.0, which allows attackers to execute arbitrary web script or HTML by injecting a crafted payload into the Excerpt field via the /blog/edit component...