📄 Piranha CMS 12.0 Cross Site Scripting

Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...

Cross-site Scripting (XSS)

Piranha is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the Text content block of Standard and Standard Archive Pages via /manager/pages, which allows an attacker to inject malicious JavaScript that executes in another user’s browser...

EUVD-2025-31385

Malicious code in bioql PyPI...

EUVD-2023-58031

Malicious code in bioql PyPI...

CVE-2025-57692

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...

PiranhaCMS stored XSS

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...

CVE-2025-57692

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...

CVE-2025-57692

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...

PT-2025-39678

Name of the Vulnerable Software and Affected Versions PiranhaCMS version 12.0 Description The software contains a stored cross-site scripting XSS issue in the Text content block of Standard and Standard Archive Pages. This allows for the execution of arbitrary JavaScript in another user's browser...

CVE-2025-57692

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...

CVE-2025-57692

Affected software: PiranhaCMS 12.0 (self-hosted CMS). Vulnerability: Stored Cross-Site Scripting in the Text content block of Standard and Standard Archive Pages, exploitable via /manager/pages. Root cause (as per sources): Insufficient input filtering allowing stored XSS. Impact: Allows executio...

CVE-2023-5745

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

WordPress Reusable Text Blocks Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Reusable Text Blocks Type Plugin Vulnerable versions = 1.5.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5745 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c815ea3f161d Credits Lana Codes Required...

CVE-2023-5745

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-5745

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

WordPress Plugin Reusable Text Blocks Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-5745 Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-5745 Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

PT-2023-32299 · WordPress · Reusable Text Blocks

Name of the Vulnerable Software and Affected Versions: Reusable Text Blocks plugin for WordPress versions up to, and including, 1.5.3 Description: The issue is related to Stored Cross-Site Scripting via the 'text-blocks' shortcode due to insufficient input sanitization and output escaping on...

Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks

A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week...