CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.0%

CVSS Severity

CVSS v3 Score 9.0

References

http://pyrocms.com
https://labs.integrity.pt/advisories/cve-2022-37721/
http://pyrocms.com
https://labs.integrity.pt/advisories/cve-2022-37721/

Products affected by CVE-2022-37721

Pyrocms » Pyrocms » Version: 3.9

cpe:2.3:a:pyrocms:pyrocms:3.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-37721

Products

Pricing

Contact Us