PiranhaCMS is vulnerable to stored XSS by creating a page with a specially crafted page title.
Go to the pages tab in the management panel with a user that has permission to create new pages. Create a page insert the below given payload in its title. Press the save button, and then click on the pages tab again, it is possible to see that the XSS payload was rendered.
<img src=x onerror=alert(‘XSS’)>
PiranhaCMS versions 7.0.0 to 9.1.1
Update to Piranha version 9.2.0