Stored Cross Site Scripting Vulnerability in PyroCMS by PyroCMS
CVE-2022-37721

9CRITICAL

Key Information:

Vendor: Pyrocms
Status: Pyrocms
Vendor: CVE Published:; 25 November 2022

What is CVE-2022-37721?

PyroCMS 3.9 is susceptible to a stored Cross Site Scripting (XSS) vulnerability, which can be exploited by low-privileged users, such as authors. The flaw allows an attacker to insert a malicious HTML and JavaScript payload into blog posts, potentially resulting in the complete takeover of an admin account or escalating privileges within the application.

References

http://pyrocms.com

https://labs.integrity.pt/advisories/cve-2022-37721/

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 25, 2022
Vulnerability Reserved
Aug 8, 2022

JSON

Pyrocms

What is CVE-2022-37721?

References

CVSS V3.1

Timeline