← volver
CVE-2024-58297

PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

CVSS 5.3 MEDIUMEPSS 0.2%CWE-79
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Pyrocms · PyroCMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://pyrocms.com/https://www.exploit-db.com/exploits/52016https://www.softaculous.com/apps/cms/PyroCMS/https://www.vulncheck.com/advisories/pyrocms-v-stored-cross-site-scripting-via-admin-redirects