Low severityOSV Advisory· Published Dec 22, 2025· Updated Dec 22, 2025
CVE-2025-67290
CVE-2025-67290
Description
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PiranhaNuGet | <= 12.0.0 | — |
Affected products
1- Range: v10.0, v10.0-alpha1, v10.0.1, …
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-fw48-7qf9-455mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-67290ghsaADVISORY
- piranha.comghsaWEB
- github.com/vuquyen03/CVE/tree/main/CVE-2025-67290ghsaWEB
News mentions
0No linked articles in our index yet.