Cross-Site Scripting Vulnerabilities in PyroCMS by PyroCMS
CVE-2022-35118

6.1MEDIUM

Key Information:

Vendor: Pyrocms
Status: Pyrocms
Vendor: CVE Published:; 1 August 2022

What is CVE-2022-35118?

Multiple cross-site scripting vulnerabilities have been identified in PyroCMS v3.9. These vulnerabilities could allow attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive information and altering user sessions. It is essential for users and developers to implement necessary security measures to protect against these types of vulnerabilities, including validating and sanitizing input data.

References

https://github.com/Accenture/AARO-Bugs/blob/master/AARO-C...

x_refsource_MISC

http://pyrocms.com

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2022
Vulnerability Reserved
Jul 4, 2022

JSON

Pyrocms

What is CVE-2022-35118?

References

CVSS V3.1

Timeline