CNNVD-202512-2057 Information

CNNVD ID

CNNVD-202512-2057

Related CVE

CVE-2024-58297

• CNNVD Published: 2025-12-11

Description (Chinese)

PyroCMS是PyroCMS公司的一个使用CodeIgniter框架开发的轻量级开源内容管理系统。 PyroCMS v3.0.1版本存在跨站脚本漏洞，该漏洞源于管理员重定向配置中存在存储型跨站脚本，可能导致执行任意JavaScript。

Description (English)

PyroCMS is a light-volume open-source content management system developed by PyroCMS using the CodeIgniter framework. Version PyroCMS v3.0.1 has a cross-site script loophole, which results from the presence of a storage-type cross-site script in the administrator ’ s re-direction configuration, which may result in the execution of any JavaScript.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

PyroCMS

Published

2025-12-11

Last Modified

2026-02-24

References

https://pyrocms.com/ https://www.exploit-db.com/exploits/52016 https://www.softaculous.com/apps/cms/PyroCMS/ https://www.vulncheck.com/advisories/pyrocms-v-stored-cross-site-scripting-via-admin-redirects