Stored Cross-Site Scripting in PyroCMS Affects Admin Redirects Configuration
CVE-2024-58297
What is CVE-2024-58297?
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability caused by improper handling of user input in the admin redirects configuration. Attackers can exploit this weakness by injecting malicious scripts into the 'Redirect From' field; because the input is stored, the script executes in the browser of any administrator who later opens the redirects page, potentially exposing sensitive information or enabling further attacks on the web application. Website administrators are urged to update their PyroCMS installations and review their security settings to prevent this type of exploitation.
Affected Version(s)
PyroCMS 3.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
