Package details: pkg:composer/pyrocms/pyrocms@3.9.1
purl pkg:composer/pyrocms/pyrocms@3.9.1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-436f-9bgq-p3cf
Aliases:
CVE-2022-37721
GHSA-cm7f-hf2g-ghrp
PyroCMS 3.9 is vulnerable to stored Cross-Site Scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. There are no reported fixed by versions.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-436f-9bgq-p3cf PyroCMS 3.9 is vulnerable to stored Cross-Site Scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. CVE-2022-37721
GHSA-cm7f-hf2g-ghrp
VCID-pzgg-zte1-efew CVE-2022-35118
VCID-zh8w-4tuc-bbcr PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. CVE-2023-29689
GHSA-w7vm-4v3j-vgpw

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T18:40:47.719856+00:00 GitLab Importer Fixing VCID-436f-9bgq-p3cf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pyrocms/pyrocms/CVE-2022-37721.yml 38.6.0
2026-06-12T18:29:04.142495+00:00 GitLab Importer Fixing VCID-pzgg-zte1-efew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pyrocms/pyrocms/CVE-2022-35118.yml 38.6.0
2026-06-12T15:46:45.837763+00:00 GitLab Importer Fixing VCID-zh8w-4tuc-bbcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pyrocms/pyrocms/CVE-2023-29689.yml 38.6.0
2026-06-11T20:33:25.273562+00:00 GHSA Importer Affected by VCID-436f-9bgq-p3cf https://github.com/advisories/GHSA-cm7f-hf2g-ghrp 38.6.0