exploitDog

CVE-2024-58297

Опубликовано: 11 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.

Ссылки

https://pyrocms.com/
Product
https://www.exploit-db.com/exploits/52016
Exploit
VDB Entry
https://www.softaculous.com/apps/cms/PyroCMS/
Product
https://www.vulncheck.com/advisories/pyrocms-v-stored-cross-site-scripting-via-admin-redirects
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pyrocms:pyrocms:3.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00043

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5gm4-757j-3p92

CVSS3: 5.4

github

около 2 месяцев назад

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.

EPSS

Процентиль: 13%

0.00043

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79