CVE-2025-61413

Name of the Vulnerable Software and Affected Versions Piranha CMS versions 12.0 and 12.1

Description A stored cross-site scripting (XSS) issue exists in the /manager/pages component of Piranha CMS. This allows attackers to execute arbitrary web scripts or HTML by creating a page and injecting a crafted payload into the Markdown blocks. The vulnerability is triggered through the creation of a page and manipulation of Markdown content. The API endpoint /manager/pages is involved in this issue. The vulnerable parameter is the Markdown block content, where an attacker can inject malicious code.

Recommendations Piranha CMS version 12.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Piranha CMS version 12.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.