Vulnerabilities > Pyrocms

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-04	CVE-2023-29689	Unspecified vulnerability in Pyrocms 3.9 PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. network low complexity pyrocms critical	9.8
2022-11-25	CVE-2022-37721	Cross-site Scripting vulnerability in Pyrocms 3.9 PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. network low complexity pyrocms CWE-79 critical	9.0
2022-08-01	CVE-2022-35118	Cross-site Scripting vulnerability in Pyrocms PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. network low complexity pyrocms CWE-79	6.1
2020-10-08	CVE-2020-25263	Cross-Site Request Forgery (CSRF) vulnerability in Pyrocms 3.7 PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. network low complexity pyrocms CWE-352	7.1
2020-10-08	CVE-2020-25262	Cross-Site Request Forgery (CSRF) vulnerability in Pyrocms 3.7 PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. network low complexity pyrocms CWE-352	4.3

Vulnerabilities > Pyrocms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pyrocms"}]}