CVE Catalog

CVE-2025-67290

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability exists in the Page Settings module of Piranha CMS v12.1. Attackers can inject malicious JavaScript or HTML into the Excerpt field, leading to script execution in victims' browsers.

Risk Assessment

The risk includes session hijacking, admin account takeover, and website defacement. This vulnerability could be leveraged to distribute malware within the organization.

Recommendation

Immediately update Piranha CMS to the latest version and apply input validation and output encoding for the Excerpt field. Additionally, implement a Content Security Policy (CSP).

Original NVD description (English source)

A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS