GHSA-cm7f-hf2g-ghrp

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-cm7f-hf2g-ghrp/GHSA-cm7f-hf2g-ghrp.json
Aliases
  • CVE-2022-37721
Published
2022-11-25T18:30:25Z
Modified
2023-03-18T05:44:50.147119Z
Details

PyroCMS 3.9 is vulnerable to stored cross-site scripting (XSS): a low-privileged user, such as an author, can inject a crafted HTML and JavaScript payload into a blog post. When the stored post is rendered in an administrator's browser, the payload runs with the administrator's session, which can lead to full admin account takeover or privilege escalation.
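The advisory describes the classic stored-XSS chain: a user with a low-privilege role saves markup that later executes in an administrator's browser, where it can perform any action the admin can. The block below is an added illustration, not code from PyroCMS or from the advisory (PyroCMS is a PHP application; the example is written in Python as a language-neutral demonstration). It shows the control a practitioner wants on an author-editable HTML field: an allowlist sanitiser that keeps a small set of formatting tags, drops every event-handler attribute, and rejects `javascript:`-style link targets. The allowed tag set, the function names and the sample payload are assumptions chosen for the example.

```python
"""Allowlist HTML sanitiser for untrusted blog-post bodies (added example)."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy: the only tags an author may use. Everything else is dropped.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "ul", "ol", "li",
                "a", "code", "pre", "blockquote", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}}   # no on*, style, id, class anywhere
VOID_TAGS = {"br"}
SAFE_URL_SCHEMES = {"http", "https", "mailto"}
# Elements whose text content is discarded along with the tag.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed"}
_CONTROL = "".join(chr(i) for i in range(0x21))  # C0 controls and space


def _safe_url(value):
    # Browsers delete ASCII tab/newline anywhere in a URL and strip leading/
    # trailing controls before parsing, so do the same or "java\tscript:"
    # would be parsed here as a relative link and slip through.
    cleaned = value.replace("\t", "").replace("\n", "").replace("\r", "")
    scheme = urlparse(cleaned.strip(_CONTROL)).scheme.lower()
    return scheme == "" or scheme in SAFE_URL_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._drop_depth = 0   # >0 while inside a DROP_CONTENT_TAGS element
        self._open = []        # emitted tags, so the output stays balanced

    def handle_starttag(self, tag, attrs):
        if self._drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self._drop_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self._drop_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag (img, div, svg, ...): drop it, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # this is what removes onerror=, onclick=, style=
            if name == "href" and not _safe_url(value or ""):
                continue  # javascript:, data:, vbscript: targets
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if self._drop_depth:
            if tag in DROP_CONTENT_TAGS:
                self._drop_depth -= 1
            return
        if tag in self._open:
            # Close anything opened after it so the output is well-formed.
            while self._open:
                t = self._open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self._drop_depth:
            # Text is re-escaped, so "&lt;script&gt;" decoded by the parser
            # goes back out as text, never as markup.
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments (and conditional-comment tricks) are discarded

    def close(self):
        super().close()
        while self._open:
            self.out.append(f"</{self._open.pop()}>")


def sanitize_post_body(untrusted_html):
    """Return a version of untrusted_html containing only allowlisted markup."""
    p = _Sanitizer()
    p.feed(untrusted_html)
    p.close()
    return "".join(p.out)


# Constructed sample of an author-submitted post body (not from the advisory).
SAMPLE_POST = (
    "<p>Hello <b>world</b></p>"
    "<script>fetch('/admin/users?role=admin')</script>"
    '<img src=x onerror="alert(document.cookie)">'
    '<a href="javascript:alert(1)">click</a>'
    '<a href="https://example.com" onclick="steal()">ok</a>'
    "<p>Unterminated <i>italic"
)

if __name__ == "__main__":
    print(sanitize_post_body(SAMPLE_POST))
```

Apply the sanitiser at the point where the post body is accepted from a non-admin role, and render the stored result without a second round of unescaping. Output escaping alone does not help here, because the feature legitimately accepts HTML; the allowlist is what separates formatting from script. HttpOnly session cookies and a Content Security Policy reduce what a successful payload can do but do not remove the bug.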

References

Affected packages

Packagist / pyrocms/pyrocms

pyrocms/pyrocms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

3.*

3.0.0-alpha1
3.0.0-alpha2
3.4.11

v2.*

v2.3.0-alpha1
v2.3.0-beta1

v3.*

v3.0.0
v3.0.0-beta1
v3.0.0-beta2
v3.0.0-beta3
v3.0.0-rc1
v3.0.0-rc2
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.1
v3.4.10
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.7.0
v3.7.1
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.9.0
v3.9.1

Database specific

{
    "last_known_affected_version_range": "<= 3.9.1"
}