← Back

Pyrocms

pyrocms

Vendor: Pyrocms • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-58297
1Pyrocms
1Pyrocms
Jun 17, 2026
Dec 11, 2025
5.3 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to e...Show more
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.Show less
CVE-2023-29689
1Pyrocms
1Pyrocms
Jun 17, 2026
Aug 4, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to t...Show more
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.Show less
CVE-2022-37721
1Pyrocms
1Pyrocms
Jun 17, 2026
Nov 25, 2022
N/A· v4
9.0 CRITICAL· v3
N/A· v2
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privi...Show more
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.Show less
CVE-2022-35118
1Pyrocms
1Pyrocms
Jun 17, 2026
Aug 1, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-25263
1Pyrocms
1Pyrocms
Jun 17, 2026
Oct 8, 2020
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
CVE-2020-25262
1Pyrocms
1Pyrocms
Jun 17, 2026
Oct 8, 2020
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.