{"id":"CVE-2025-67290","details":"A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.","aliases":["GHSA-fw48-7qf9-455m"],"modified":"2026-02-18T01:43:19.503343Z","published":"2025-12-22T20:15:45.100Z","references":[{"type":"WEB","url":"http://piranha.com"},{"type":"ADVISORY","url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290"},{"type":"EVIDENCE","url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piranhacms/piranha.core","events":[{"introduced":"0"},{"last_affected":"339060a72d245902fff4d576d6d863d52c60c25f"}]}],"versions":["v.6.1.1","v10.0","v10.0-alpha1","v10.0.1","v10.0.2","v10.0.3","v10.0.4","v10.1","v10.2","v10.3","v10.4","v11.0","v11.1","v12.0","v12.1","v4.0.0","v4.0.0-alpha1","v4.0.0-alpha3","v4.0.0-alpha4","v4.0.0-alpha5","v4.0.0-alpha6","v4.0.0-alpha7","v4.0.0-alpha8","v4.0.0-alpha9","v4.0.0-beta1","v4.0.0-rc1","v4.0.1","v4.1.0","v4.1.0-alpha1","v4.1.0-beta1","v4.1.0-beta2","v4.1.1","v4.2.0","v4.2.0-alpha1","v4.2.0-alpha2","v4.2.0-beta1","v4.2.1","v4.3.0","v4.3.0-beta1","v4.3.1","v5.0.0","v5.0.0-alpha1","v5.0.0-beta1","v5.0.1","v5.1.0","v5.1.0-alpha1","v5.1.0-beta1","v5.1.1","v5.1.2","v5.2.0","v5.2.0-beta1","v5.2.0-beta2","v5.2.1","v5.3.0","v5.3.0-beta1","v5.3.1","v5.4.0","v6.0.0","v6.0.1","v6.0.2","v6.1.0","v7.0-sr2","v7.0-sr3","v7.0-sr4","v7.0-sr5","v7.0.0","v7.0.0-alpha1","v7.0.0-alpha2","v7.0.0-beta1","v7.0.1","v7.1.0","v8.0","v8.0-sr1","v8.0-sr2","v8.1","v8.1-sr1","v8.2","v8.3","v8.3-sr1","v8.3-sr2","v8.4","v8.4-sr1","v8.4-sr2","v8.4-sr3","v9.0","v9.0-beta1","v9.0-rc1","v9.0-rc2","v9.0-sr1","v9.1","v9.1-alpha1","v9.1-alpha2","v9.1-beta1","v9.1-sr1","v9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67290.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}