Vulnerabilities > Pyrocms

DATE CVE VULNERABILITY TITLE RISK
2023-08-04 CVE-2023-29689 Unspecified vulnerability in Pyrocms 3.9
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw.
network
low complexity
pyrocms
critical
9.8
2022-11-25 CVE-2022-37721 Cross-site Scripting vulnerability in Pyrocms 3.9
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
network
low complexity
pyrocms CWE-79
critical
9.0
2020-10-08 CVE-2020-25263 Cross-Site Request Forgery (CSRF) vulnerability in Pyrocms 3.7
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
network
pyrocms CWE-352
5.8
2020-10-08 CVE-2020-25262 Cross-Site Request Forgery (CSRF) vulnerability in Pyrocms 3.7
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
network
pyrocms CWE-352
4.3