CVE-2025-67290
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability exists in the Page Settings module of Piranha CMS v12.1. Attackers can inject malicious JavaScript or HTML into the Excerpt field, leading to script execution in victims' browsers.
Risk Assessment
The risk includes session hijacking, admin account takeover, and website defacement. This vulnerability could be leveraged to distribute malware within the organization.
Recommendation
Immediately update Piranha CMS to the latest version and apply input validation and output encoding for the Excerpt field. Additionally, implement a Content Security Policy (CSP).
Original NVD description (English source)
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.

