73 matches found
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross-Site Scripting (XSS) attack in blog posts. A low-privileged user (e.g., author) can inject crafted HTML/JavaScript, which may execute in other users’ browsers and lead to admin account takeover or privilege escalation. The CVSS 3.1 base score is 9.0 (CR...
CVE-2022-35118
PyroCMS v3.9 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
CVE-2022-35118
PyroCMS v3.9 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
CVE-2022-35118
PyroCMS v3.9 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
Cross site scripting
PyroCMS v3.9 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
CVE-2022-35118
CVE-2022-35118 affects PyroCMS v3.9 with multiple cross-site scripting (XSS) vulnerabilities. The available documents confirm affected software and vulnerability type but do not provide explicit exploit details or affected component versions beyond v3.9. The base report lists a CVSS v3.1 score of...
CVE-2022-35118
PyroCMS v3.9 was discovered to contain multiple cross-site scripting XSS vulnerabilities...
PT-2022-22584 · Pyrocms · Pyrocms
Name of the Vulnerable Software and Affected Versions: PyroCMS version 3.9 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. Recommendations: For PyroCMS version 3.9, update to a version that contains a fix for this issue, as the current version is affected by...
PyroCMS Vulnerable to CSRF
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/pages/delete/ URI: pages will be deleted...
GHSA-56XX-PV88-2662 PyroCMS Vulnerable to CSRF
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/pages/delete/ URI: pages will be deleted...
PyroCMS Vulnerable to CSRF
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...
GHSA-VG2G-698H-V9W3 PyroCMS Vulnerable to CSRF
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...
PyroCMS Cross-Site Request Forgery Vulnerability (CNVD-2020-60830)
PyroCMS is an easy-to-use, powerful and modular CMS and development platform built using Laravel 5. A cross-site request forgery vulnerability exists in PyroCMS 3.7. An attacker can exploit this vulnerability by deleting pages via the admin/pages/delete/ URI...
CVE-2020-25262
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/pages/delete/ URI: pages will be deleted...
CVE-2020-25263
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...
CVE-2020-25263
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...
CVE-2020-25262
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/pages/delete/ URI: pages will be deleted...
Cross site request forgery (csrf)
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/pages/delete/ URI: pages will be deleted...
Cross site request forgery (csrf)
PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...