VYPR
Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Mar 5, 2026

PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

CVE-2024-58297

Description

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PyroCMS/PyroCMSllm-create2 versions
    = 3.0.1+ 1 more
    • (no CPE)range: = 3.0.1
    • (no CPE)range: 3.0.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2024-58297 · VYPR