CVE-2025-57692: 
C# vulnerability analysis and mitigation

PiranhaCMS version 12.0 contains a stored Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary JavaScript code in another user's browser via the Text content block of Standard and Standard Archive Pages through the /manager/pages endpoint. The vulnerability was discovered and disclosed on September 26, 2025 (NVD). The issue has been assigned CVE-2025-57692 and affects PiranhaCMS version 12.0.

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 6.8 MEDIUM (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L) according to CISA's assessment (NVD). The vulnerability exists in the Text content block feature of Standard and Standard Archive Pages, where user input is not properly sanitized before being stored and rendered, enabling stored XSS attacks.

If successfully exploited, this vulnerability allows attackers to execute arbitrary JavaScript code in the context of other users' browsers who view the affected pages. This could lead to session hijacking, credential theft, or other malicious actions performed in the context of the victim's browser session (NVD).

The vulnerability has been identified and documented in PiranhaCMS version 12.0. Users should monitor for security updates from PiranhaCMS and apply them when available. In the meantime, it is recommended to implement strict input validation and output encoding for all user-supplied content in the Text content blocks (NVD).