GHSA-3qcp-9v8c-6jp7

Source

https://github.com/advisories/GHSA-3qcp-9v8c-6jp7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-3qcp-9v8c-6jp7/GHSA-3qcp-9v8c-6jp7.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-3qcp-9v8c-6jp7

Aliases

CVE-2025-61413

Published

2025-10-23T18:31:15Z

Modified

2025-10-27T14:31:06.307928Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Piranha CMS vulnerable to stored cross-site scripting (XSS)

Details

A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2025-10-23T18:16:23Z",
    "github_reviewed_at": "2025-10-23T20:31:36Z",
    "severity": "MODERATE"
}

References

Affected packages

NuGet / Piranha

Package

Name: Piranha; View open source insights on deps.dev
Purl: pkg:nuget/Piranha

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

12.0.0

Affected versions

4.*

4.0.0-alpha1

4.0.0-alpha3

4.0.0-alpha4

4.0.0-alpha5

4.0.0-alpha6

4.0.0-alpha7

4.0.0-alpha7-1

4.0.0-alpha8

4.0.0-alpha9

4.0.0-beta1

4.0.0-rc1

4.0.0

4.1.0-alpha1

4.1.0-beta1

4.1.0-beta2

4.1.0

4.1.1

4.2.0-alpha1

4.2.0-alpha2

4.2.0-beta1

4.2.0

4.2.1

4.3.0-beta1

4.3.0

5.*

5.0.0-alpha1

5.0.0-beta1

5.0.0

5.1.0-alpha1

5.1.0-alpha2

5.1.0-beta1

5.1.0

5.1.1

5.1.2

5.2.0-beta1

5.2.0-beta2

5.2.0

5.2.1

5.3.0-beta1

5.3.0

5.3.1

5.4.0

6.*

6.0.0

6.0.1

6.1.0

7.*

7.0.0-alpha1

7.0.0-alpha2

7.0.0-alpha3

7.0.0-beta1

7.0.0-rc1

7.0.0

7.0.1

7.0.2

7.0.3

7.1.0

8.*

8.0.0

8.0.1

8.0.2

8.1.0

8.2.0

8.3.0

8.4.0

8.4.1

8.4.2

9.*

9.0.0-beta1

9.0.0-rc1

9.0.0-rc2

9.0.0

9.0.1

9.1.0-alpha1

9.1.0-alpha2

9.1.0-beta1

9.1.0

9.1.1

9.2.0

10.*

10.0.0

10.0.1

10.0.2

10.0.3

10.0.4

10.1.0

10.2.0

10.3.0

10.4.0

11.*

11.0.0

11.1.0

12.*

12.0.0