VYPR

PyroCMS

by PyroCMS

CVEs (4)

  • CVE-2023-29689 | Critical | Aug 4, 2023
    risk 0.70 | cvss 9.8 | epss 0.41

    PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

  • CVE-2022-37721 | Critical | Nov 25, 2022
    risk 0.59 | cvss 9.0 | epss 0.01

    PyroCMS 3.9 is vulnerable to stored cross-site scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.

  • CVE-2022-35118 | Medium | Aug 1, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

  • CVE-2024-58297 | Dec 11, 2025
    risk 0.00 | cvss | epss 0.00

    PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the…