advisories/github-reviewed/2025/12 Expand file tree Collapse file tree 2 files changed +64
-14
lines changed Original file line number Diff line number Diff line change 11{
22 "schema_version" : " 1.4.0" ,
33 "id" : " GHSA-83fp-hh9m-c2jq" ,
4- "modified" : " 2025-12-22T21:30:33Z " ,
4+ "modified" : " 2025-12-22T23:01:25Z " ,
55 "published" : " 2025-12-22T21:30:33Z" ,
66 "aliases" : [
77 " CVE-2025-67291"
88 ],
9+ "summary" : " Piranha has stored cross-site scripting (XSS) vulnerability" ,
910 "details" : " A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field." ,
1011 "severity" : [
1112 {
12- "type" : " CVSS_V3" ,
13- "score" : " CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
13+ "type" : " CVSS_V4" ,
14+ "score" : " CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " NuGet" ,
21+ "name" : " Piranha"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM" ,
26+ "events" : [
27+ {
28+ "introduced" : " 0"
29+ },
30+ {
31+ "last_affected" : " 12.0.0"
32+ }
33+ ]
34+ }
35+ ]
1436 }
1537 ],
16- "affected" : [],
1738 "references" : [
1839 {
1940 "type" : " ADVISORY" ,
2041 "url" : " https://nvd.nist.gov/vuln/detail/CVE-2025-67291"
2142 },
43+ {
44+ "type" : " PACKAGE" ,
45+ "url" : " https://github.com/PiranhaCMS/piranha.core"
46+ },
2247 {
2348 "type" : " WEB" ,
2449 "url" : " https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67291"
3257 "cwe_ids" : [
3358 " CWE-79"
3459 ],
35- "severity" : " MODERATE " ,
36- "github_reviewed" : false ,
37- "github_reviewed_at" : null ,
60+ "severity" : " LOW " ,
61+ "github_reviewed" : true ,
62+ "github_reviewed_at" : " 2025-12-22T23:01:25Z " ,
3863 "nvd_published_at" : " 2025-12-22T20:15:45Z"
3964 }
4065}
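Review bot: The added `affected` range ends at `"last_affected": "12.0.0"`, but the `details` string in the same file names Piranha CMS v12.1 as the vulnerable version, so the range as written does not cover the version the advisory text describes. If a 12.1.x package exists on NuGet, dependency scanners that match on this range would not flag it; confirm which version is correct and align the range with the text. The range also has no `fixed` event, so consumers cannot tell from this record whether a patched release exists. The GHSA-fw48-7qf9-455m section has the same mismatch.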
Original file line number Diff line number Diff line change 11{
22 "schema_version" : " 1.4.0" ,
33 "id" : " GHSA-fw48-7qf9-455m" ,
4- "modified" : " 2025-12-22T21:30:33Z " ,
4+ "modified" : " 2025-12-22T23:00:45Z " ,
55 "published" : " 2025-12-22T21:30:33Z" ,
66 "aliases" : [
77 " CVE-2025-67290"
88 ],
9+ "summary" : " Piranha has stored cross-site scripting (XSS) vulnerability" ,
910 "details" : " A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field." ,
1011 "severity" : [
1112 {
12- "type" : " CVSS_V3" ,
13- "score" : " CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
13+ "type" : " CVSS_V4" ,
14+ "score" : " CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " NuGet" ,
21+ "name" : " Piranha"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM" ,
26+ "events" : [
27+ {
28+ "introduced" : " 0"
29+ },
30+ {
31+ "last_affected" : " 12.0.0"
32+ }
33+ ]
34+ }
35+ ]
1436 }
1537 ],
16- "affected" : [],
1738 "references" : [
1839 {
1940 "type" : " ADVISORY" ,
2041 "url" : " https://nvd.nist.gov/vuln/detail/CVE-2025-67290"
2142 },
43+ {
44+ "type" : " PACKAGE" ,
45+ "url" : " https://github.com/PiranhaCMS/piranha.core"
46+ },
2247 {
2348 "type" : " WEB" ,
2449 "url" : " https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67290"
3257 "cwe_ids" : [
3358 " CWE-79"
3459 ],
35- "severity" : " MODERATE " ,
36- "github_reviewed" : false ,
37- "github_reviewed_at" : null ,
60+ "severity" : " LOW " ,
61+ "github_reviewed" : true ,
62+ "github_reviewed_at" : " 2025-12-22T23:00:45Z " ,
3863 "nvd_published_at" : " 2025-12-22T20:15:45Z"
3964 }
4065}
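Review bot: The `severity` array now holds only the `CVSS_V4` entry, with the `CVSS_V3` vector removed rather than re-scored and kept beside it, so tooling that reads only CVSS v3 gets no vector for this advisory. The privilege metric also moves from `PR:N` to `PR:L`, which presumably drives the change from MODERATE to LOW, yet the `details` text does not say that an authenticated account is needed to reach the Excerpt field. Stating that precondition in `details` would let readers check the rating against the description. The GHSA-83fp-hh9m-c2jq section has the same gap for the Name field.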