CVE-2025-67291
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to inject malicious JavaScript or HTML into the Name field, leading to script execution in victims' browsers.
Risk Assessment
The risk includes potential session hijacking, admin account takeover, or malware distribution within the organization.
Recommendation
Immediately update Piranha CMS to the latest version and implement input filtering and validation for the Name field.
Original NVD description (English source)
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

