Pyrocms

pyrocms

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-58297 1Pyrocms 1Pyrocms Jun 17, 2026 Dec 11, 2025 5.3 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to e...Show more PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.Show less
CVE-2023-29689 1Pyrocms 1Pyrocms Jun 17, 2026 Aug 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to t...Show more PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.Show less
CVE-2022-37721 1Pyrocms 1Pyrocms Jun 17, 2026 Nov 25, 2022 N/A· v4 9.0 CRITICAL· v3 N/A· v2 PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privi...Show more PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.Show less
CVE-2022-35118 1Pyrocms 1Pyrocms Jun 17, 2026 Aug 1, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-25263 1Pyrocms 1Pyrocms Jun 17, 2026 Oct 8, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
CVE-2020-25262 1Pyrocms 1Pyrocms Jun 17, 2026 Oct 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.