Low severityOSV Advisory· Published Dec 22, 2025· Updated Dec 22, 2025
CVE-2025-67291
CVE-2025-67291
Description
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PiranhaNuGet | <= 12.0.0 | — |
Affected products
1- Range: v10.0, v10.0-alpha1, v10.0.1, …
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-83fp-hh9m-c2jqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-67291ghsaADVISORY
- piranha.comghsaWEB
- github.com/vuquyen03/CVE/tree/main/CVE-2025-67291ghsaWEB
News mentions
0No linked articles in our index yet.