CVE-2022-37721

描述

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.

受影響套件(1)

• Packagist/pyrocms/pyrocmsfrom 0, <= 3.9.1

CVSS 分數

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-37721
• PATCHhttps://github.com/pyrocms/pyrocms
• WEBhttps://labs.integrity.pt/advisories/cve-2022-37721