CVE-2025-67290

Name of the Vulnerable Software and Affected Versions Piranha CMS version 12.1

Description A stored cross-site scripting (XSS) issue exists in the Page Settings module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Excerpt field.

Recommendations Update Piranha CMS to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all input to the Excerpt field in the Page Settings module to prevent the injection of malicious scripts.