Vulnerabilities > Pyrocms > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-04 CVE-2023-29689 Unspecified vulnerability in Pyrocms 3.9
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw.
network
low complexity
pyrocms
critical
 9.8
9.8
2022-11-25 CVE-2022-37721 Cross-site Scripting vulnerability in Pyrocms 3.9
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
network
low complexity
pyrocms CWE-79
critical
 9.0
9.0