CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross-Site Scripting (XSS) attack: a low-privileged user, such as an author, can inject a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation...
Remote code execution
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...
CVE-2023-29689
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...
PT-2022-24049 · Pyrocms · Pyrocms
Name of the Vulnerable Software and Affected Versions: PyroCMS version 3.9
Description: The issue allows a low-privileged user, such as an author, to inject a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation. This is a stored Cross...
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross-Site Scripting (XSS) attack in blog posts. A low-privileged user (e.g., author) can inject crafted HTML/JavaScript, which may execute in other users’ browsers and lead to admin account takeover or privilege escalation. The CVSS 3.1 base score is 9.0 (CR...