3 matches found
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross-Site Scripting (XSS) attack in blog posts. A low-privileged user (e.g., author) can inject crafted HTML/JavaScript, which may execute in other users’ browsers and lead to admin account takeover or privilege escalation. The CVSS 3.1 base score is 9.0 (CR...