{"id":"CVE-2025-61413","details":"A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.","aliases":["GHSA-3qcp-9v8c-6jp7"],"modified":"2026-04-10T05:33:41.579867Z","published":"2025-10-23T18:16:23.683Z","references":[{"type":"WEB","url":"http://piranhacms.org/"},{"type":"PACKAGE","url":"https://github.com/PiranhaCMS/piranha.core"},{"type":"EVIDENCE","url":"https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-61413/advisory.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piranhacms/piranha.core","events":[{"introduced":"0"},{"last_affected":"aa2555d717f0a14e419f328ff0284358d9fa4319"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"12.0"}]}}],"versions":["v10.0","v10.0-alpha1","v10.0.1","v10.0.2","v10.0.3","v10.0.4","v10.1","v10.2","v10.3","v10.4","v11.0","v11.1","v12.0","v4.0.0","v4.0.0-alpha1","v4.0.0-alpha3","v4.0.0-alpha4","v4.0.0-alpha5","v4.0.0-alpha6","v4.0.0-alpha7","v4.0.0-alpha8","v4.0.0-alpha9","v4.0.0-beta1","v4.0.0-rc1","v4.0.1","v4.1.0","v4.1.0-alpha1","v4.1.0-beta1","v4.1.0-beta2","v4.2.0","v4.2.0-alpha1","v4.2.0-alpha2","v4.2.0-beta1","v4.2.1","v4.3.0","v4.3.0-beta1","v5.0.0","v5.0.0-alpha1","v5.0.0-beta1","v5.0.1","v5.1.0","v5.1.0-alpha1","v5.1.0-beta1","v5.1.1","v5.1.2","v5.2.0","v5.2.0-beta1","v5.2.0-beta2","v5.2.1","v5.3.0","v5.3.0-beta1","v5.3.1","v5.4.0","v6.0.0","v6.0.1","v6.0.2","v6.1.0","v7.0-sr2","v7.0-sr3","v7.0-sr4","v7.0-sr5","v7.0.0","v7.0.0-alpha1","v7.0.0-alpha2","v7.0.0-beta1","v7.0.1","v7.1.0","v8.0","v8.0-sr1","v8.1","v8.2","v8.3","v8.3-sr1","v8.3-sr2","v8.4","v8.4-sr1","v8.4-sr2","v8.4-sr3","v9.0","v9.0-beta1","v9.0-rc1","v9.0-rc2","v9.0-sr1","v9.1","v9.1-alpha1","v9.1-alpha2","v9.1-beta1","v9.1-sr1","v9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61413.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}