CVE-2024-58297

UNKNOWN 0.0

PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.

CWE	CWE-79
Vendor	pyrocms
Product	pyrocms
Published	Dec 11, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for pyrocms pyrocms

Be the first to know when new unknown vulnerabilities affecting pyrocms pyrocms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Pyrocms / PyroCMS

3.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52016 pyrocms.com: https://pyrocms.com/ softaculous.com: https://www.softaculous.com/apps/cms/PyroCMS/ vulncheck.com: https://www.vulncheck.com/advisories/pyrocms-v-stored-cross-site-scripting-via-admin-redirects

Credits

tmrswrr