CVE-2024-58297

5.4 MEDIUM

📋 TL;DR

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration. Attackers can inject malicious JavaScript into the 'Redirect From' field, which executes when administrators view the redirects page. This affects all PyroCMS v3.0.1 installations with admin access.

💻 Affected Systems

Products:
  • PyroCMS
Versions: v3.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to exploit the vulnerability in the redirects configuration interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as administrators (including installing backdoors, modifying content, or accessing sensitive data), and potentially compromise the entire CMS installation.

🟠 Likely Case

Attackers with admin access or who can trick administrators into executing malicious actions could steal session tokens, redirect users to malicious sites, or deface the admin interface.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be rendered harmless as text rather than executable code.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin privileges to access the redirects configuration page. Public exploit code is available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://pyrocms.com/

Restart Required: No

Instructions:

1. Check the PyroCMS website for security updates.
2. Upgrade to a patched version if available.
3. Apply input validation and output encoding fixes to the redirects module.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Implement server-side validation and HTML encoding for the 'Redirect From' field to prevent script injection.

Restrict Admin Access

Platform: linux

Limit admin panel access to trusted IP addresses only using web server configuration.

# Apache: Use .htaccess with Require ip
# Nginx: Use allow/deny directives in server block

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution sources.
  • Regularly audit admin activity logs for suspicious redirect modifications.

🔍 How to Verify

Check if Vulnerable:

Check whether your PyroCMS version is 3.0.1 and test whether the 'Redirect From' field in the admin panel accepts and executes JavaScript payloads without sanitization.

Check Version:

Check the version in the PyroCMS admin dashboard or examine the composer.json file for version information.

Verify Fix Applied:

Test that JavaScript payloads in the 'Redirect From' field are properly encoded and do not execute when viewing the redirects page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to redirect configurations in admin logs
  • Admin session anomalies or unexpected access patterns

Network Indicators:

  • Unexpected JavaScript payloads in HTTP POST requests to redirect configuration endpoints

SIEM Query:

Search for POST requests containing script tags or JavaScript code to /admin/redirects endpoints
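A detection helper for the SIEM query above, as an added example that is not from the advisory or from PyroCMS. It assumes request records (method, path, body) taken from a proxy or WAF log that captures POST bodies, and that the 'Redirect From' form field is posted as `from` (an assumption); the sample records are constructed.

```python
"""Flag POST requests to the PyroCMS admin redirects endpoint whose form body
carries script content (the SIEM query above). Added example, not from the
advisory or PyroCMS; assumes request records from a proxy/WAF log that captures
POST bodies, and the field name 'from' for 'Redirect From' (an assumption)."""
import re
from urllib.parse import parse_qs

# Endpoint prefix named on the page; '(/|$)' avoids matching e.g. /admin/redirectsX.
REDIRECT_PATH = re.compile(r"^/admin/redirects(/|$)")

# Markers for "script tags or JavaScript code"; checked after URL-decoding so
# percent-encoded submissions are caught too.
SCRIPT_MARKERS = [
    (re.compile(r"<\s*script\b", re.I), "script tag"),
    (re.compile(r"javascript\s*:", re.I), "javascript: URI"),
    (re.compile(r"\bon[a-z]+\s*=", re.I), "inline event handler"),
]

def script_markers(value):
    """Names of the script markers present in one decoded field value."""
    return [name for pat, name in SCRIPT_MARKERS if pat.search(value)]

def flag_redirect_posts(records):
    """Return (record_index, field_name, markers) for each suspicious POST."""
    hits = []
    for i, rec in enumerate(records):
        if rec["method"] != "POST" or not REDIRECT_PATH.match(rec["path"]):
            continue
        # parse_qs URL-decodes values and groups repeated keys into lists.
        for field, values in parse_qs(rec["body"], keep_blank_values=True).items():
            for value in values:
                found = script_markers(value)
                if found:
                    hits.append((i, field, found))
    return hits

# Constructed sample records (not real traffic): one benign redirect, one
# carrying a script tag, one script tag on an unrelated endpoint, one GET.
SAMPLE_RECORDS = [
    {"method": "POST", "path": "/admin/redirects/create",
     "body": "from=old-page&to=%2Fnew-page&status=301"},
    {"method": "POST", "path": "/admin/redirects/create",
     "body": "from=%3Cscript%3Ealert(1)%3C%2Fscript%3E&to=%2Fx&status=301"},
    {"method": "POST", "path": "/admin/pages/create", "body": "title=%3Cscript%3E"},
    {"method": "GET", "path": "/admin/redirects", "body": ""},
]

if __name__ == "__main__":
    for idx, field, markers in flag_redirect_posts(SAMPLE_RECORDS):
        print(f"record {idx}: field '{field}' contains {', '.join(markers)}")
```

Only the second record is flagged; the unrelated endpoint and the GET are ignored, which keeps the alert scoped to the redirects configuration writes the page describes.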
