Key Information

Vulnerability Title: Stored XSS in Text Block – Piranha CMS 12.0

Summary: Piranha CMS 12.0 contains a stored cross-site scripting (XSS) vulnerability affecting the 'Text' content block used in both the Standard Page and Standard Archive Page types. When text content is added via the page editor, user-supplied HTML is not properly sanitized. An authenticated user can inject JavaScript payloads that are saved with the page content. These scripts are executed immediately upon save and every time the page is previewed or accessed, resulting in persistent XSS.

CVE ID: Pending Assignment

Vendor: https://piranhacms.org
https://github.com/PiranhaCMS/piranha.core

Affected Product: Piranha CMS version 12.0
https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0

Affected Component: Pages -> Standard Page / Standard Archive -> Content Block -> Text
Path: /manager/pages

Proof of Concept (PoC):
1. Log in to the Piranha CMS management panel: /manager/login
2. Navigate to the "Pages" section
3. Click "Add Page" and select:
   - Standard Page or Standard Archive
4. Enter a page title (for example, XSS Test)
5. Click the [+] button and select "Text" under "Content"
6. In the text input area, paste one of the following payloads:
   - Payload A:
   - Payload B:
   - Payload C:
7. Click Save and Preview

Impact:
Persistent (Stored) Cross-Site Scripting (XSS): injected scripts are saved as part of the page content.
Automatic Execution: payloads execute every time the page is accessed, previewed, or viewed by any user.
Session Compromise: can lead to session hijacking or theft of sensitive data such as cookies, tokens, or local/session storage.
Privilege Abuse: enables malicious authenticated users to target other admins or editors, escalating access or impersonating users.
Multi-Page Exposure: affects both Standard Pages and Standard Archive Pages, increasing the overall attack surface.
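The root cause described above is that the HTML entered into the Text block is stored and rendered as-is. The following Python allowlist sanitizer is an added example, not code from Piranha CMS or this advisory, showing what "properly sanitized" means for a rich-text block: only a fixed set of tags and attributes survives, the bodies of script and style elements are dropped, event-handler attributes are stripped, link targets are restricted to known-safe schemes, and all text is re-encoded on the way out. The tag and attribute lists, the scheme list and the `sanitize` function name are assumptions chosen for illustration; the inputs in the usage section are constructed test strings.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for a plain formatting block (assumption, not Piranha's policy).
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "a", "h1", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}}          # no on*, style, src, etc.
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/")  # rejects javascript:, data:, vbscript:
VOID_TAGS = {"br"}
DROP_CONTENT = {"script", "style"}                # element bodies are discarded entirely


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the input from parsed tokens, keeping only allowlisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # text arrives decoded; we re-encode it
        self.out = []
        self.skip_depth = 0                       # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                                # unknown tag: drop the tag, keep its children
        safe_attrs = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                          # strips onclick, onerror, style, ...
            if name == "href":
                target = (value or "").strip().lower()
                if not target.startswith(SAFE_URL_PREFIXES):
                    continue                      # strips javascript:/data: links
            safe_attrs.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth:
            return                                # script/style body discarded
        self.out.append(escape(data, quote=False))  # text can never become markup


def sanitize(html: str) -> str:
    """Return an allowlisted, re-encoded version of a Text block's HTML."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed samples of what a Text block might receive.
    samples = [
        "<p>Hello <b>world</b></p>",
        "<p>Hi<script>bad()</script> there</p>",
        '<a href="javascript:bad()" onclick="bad()">x</a>',
        '<img src="x" onerror="bad()">text',
        "Tom &amp; Jerry",
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize(s)))
```

Run the sanitizer when the block is saved and keep the encoded form as the stored value, so a later change to the renderer cannot reintroduce the bug; encoding on output as well is cheap defence in depth. The same routine doubles as an audit tool: running existing stored blocks through it and diffing the result against the stored value flags content that already contains markup outside the allowlist.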