Pyrocms: >> Pyrocms >> 3.9 Security Vulnerabilities
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
CVSS Score
9.8
EPSS Score
0.64
Published
2023-08-04
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
CVSS Score
9.0
EPSS Score
0.001
Published
2022-11-25
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-01