EIP-2026-104400

PRE-CVE

Piranha CMS 12.0 - Stored XSS in Text Block

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104400. PoCs published by terminalvenoms.

AI-analyzed exploit summary This is a technical writeup detailing a stored XSS vulnerability in Piranha CMS 12.0, where malicious JavaScript can be injected into the Text content block of Standard or Standard Archive Pages. The document provides reproduction steps and multiple payload examples to demonstrate the vulnerability.

Description

Piranha CMS 12.0 - Stored XSS in Text Block

Exploits (1)

exploitdb WRITEUP
by terminalvenoms · textwebappsmultiple
https://www.exploit-db.com/exploits/52471

This is a technical writeup detailing a stored XSS vulnerability in Piranha CMS 12.0, where malicious JavaScript can be injected into the Text content block of Standard or Standard Archive Pages. The document provides reproduction steps and multiple payload examples to demonstrate the vulnerability.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Piranha CMS v12.0
Auth required
Prerequisites: Authenticated access to the Piranha CMS admin panel
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026