PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
{ "nvd_published_at": "2022-11-25T17:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-12-05T18:28:09Z" }