QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58297

Published: Dec 11, 2025

Modified: Mar 5, 2026

PUBLISHED

Description

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.

Vendor	Product	Versions
Pyrocms	PyroCMS	affected `3.0.1`

Weaknesses (CWE)

References

ExploitDB-52016

exploit

PyroCMS Homepage

product

SoftAculous CMS Page

product

VulnCheck Advisory: PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.