PiranhaCMS
cpe:2.3:a:dotnetfoundation:piranha_cms:*:*:*:*:*:*:*
- 12.0
A stored cross-site scripting vulnerability has been identified in PiranhaCMS version 12.0. This issue affects the 'Text' content block on Standard and Standard Archive Pages. The vulnerability arises because user-generated HTML is not adequately sanitized before being saved. An authenticated user can inject JavaScript that executes in the browser of anyone who views the page. This creates a persistent XSS risk, particularly in shared admin environments, where it could lead to account compromise or unauthorized access to data.
Exploitation of this vulnerability allows for persistent cross-site scripting, where injected scripts are executed automatically whenever the page is accessed or previewed. This could result in session hijacking or theft of sensitive information such as cookies or tokens. Additionally, it could enable a malicious user to impersonate another user or escalate privileges, particularly targeting admin or editor roles.
To reproduce this vulnerability, log into the PiranhaCMS admin panel and navigate to the Pages section. Create a new Standard Page or Standard Archive Page, and in the 'Text' content block, insert a JavaScript payload, such as an image tag with an 'onerror' event. Once the page is saved, the injected script will execute immediately and every time the page is accessed or previewed.