Lucene search
K

56 matches found

Packet Storm
Packet Storm
added 2026/02/05 12:0 a.m.146 views

📄 Piranha CMS 12.0 Cross Site Scripting

Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...

6.8CVSS4.9AI score0.003EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/12/23 1:18 p.m.5 views

CVE-2025-67291

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

6.1CVSS5.6AI score0.00185EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/23 1:18 p.m.5 views

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

6.1CVSS5.5AI score0.00185EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/22 9:30 p.m.3 views

Cross-site Scripting (XSS)

Overview piranha is an a complete rewrite of Piranha CMS for .NET Core. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field in the Media module. An attacker can execute arbitrary web scripts or HTML by injecting crafted payloads. Details Cross-site...

6.1CVSS5.4AI score0.00185EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/22 9:30 p.m.2 views

Cross-site Scripting (XSS)

Overview piranha is an a complete rewrite of Piranha CMS for .NET Core. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Excerpt field in the Page Settings module. An authenticated attacker can execute arbitrary web scripts or HTML by injecting a crafted payloa...

6.1CVSS5.2AI score0.00185EPSS
Exploits1References2
OSV
OSV
added 2025/12/22 9:30 p.m.1 views

GHSA-FW48-7QF9-455M Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

4.8CVSS5.4AI score0.00185EPSS
Exploits1References4
OSV
OSV
added 2025/12/22 9:30 p.m.1 views

GHSA-83FP-HH9M-C2JQ Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

4.8CVSS5.5AI score0.00185EPSS
Exploits1References4
NVD
NVD
added 2025/12/22 8:15 p.m.3 views

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

6.1CVSS0.00185EPSS
Exploits1References2
OSV
OSV
added 2025/12/22 8:15 p.m.6 views

CVE-2025-67291

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

6.1CVSS5.4AI score0.00185EPSS
Exploits1References2
CVE
CVE
added 2025/12/22 12:0 a.m.10 views

CVE-2025-67291

CVE-2025-67291 affects Piranha CMS, Media module in version 12.1. The vulnerability is a stored XSS: an attacker can inject a crafted payload into the Name field, leading to execution of arbitrary web scripts/HTML in a user’s browser. Documents from multiple sources (NVD, Red Hat, OSV) confirm th...

6.1CVSS5.2AI score0.00185EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.5 views

PT-2025-52684

Name of the Vulnerable Software and Affected Versions Piranha CMS version 12.1 Description A stored cross-site scripting XSS issue exists in the Page Settings module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Excerpt field...

6.1CVSS5.8AI score0.00185EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/12/22 12:0 a.m.22 views

CVE-2025-67291

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

0.00185EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/22 12:0 a.m.3 views

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

5.1AI score0.00185EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.7 views

PT-2025-52685

Name of the Vulnerable Software and Affected Versions Piranha CMS version 12.1 Description A stored cross-site scripting XSS issue exists in the Media module. An attacker can inject a crafted payload into the Name field to execute arbitrary web scripts or HTML. Recommendations At the moment, ther...

6.1CVSS5.8AI score0.00185EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.3 views

Piranha CMS 安全漏洞

Piranha CMS is Piranha CMS open source a friendly editor-centric CMS used as . A security vulnerability exists in Piranha CMS that stems from the injection of a specially crafted payload into the Excerpt field that could lead to the execution of arbitrary web script or HTML...

6.1CVSS6.7AI score0.00185EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/22 12:0 a.m.2 views

CVE-2025-67291

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

5.2AI score0.00185EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/22 12:0 a.m.23 views

CVE-2025-67290

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

0.00185EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.7 views

CVE-2025-61413

A stored cross-site scripting XSS vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks...

6.1CVSS5.7AI score0.00263EPSS
Exploits1References1
OSV
OSV
added 2025/10/23 6:31 p.m.3 views

GHSA-3QCP-9V8C-6JP7 Piranha CMS vulnerable to stored cross-site scripting (XSS)

A stored cross-site scripting XSS vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks...

5.3CVSS5.5AI score0.00263EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/10/23 6:31 p.m.8 views

Piranha CMS vulnerable to stored cross-site scripting (XSS)

A stored cross-site scripting XSS vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks...

6.1CVSS5.5AI score0.00263EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder