COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-37721

CVE-2022-37721

Severity
critical
Source
NVD · cve
Published
2022-11-25
CVSS
9.0
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-37721
shame 35/100

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.

Players implicated

pyrocms · vendorpyrocms · product

Description

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.