) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:pagekit:pagekit:1.0.3
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-44135 |
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. Published: April 01, 2022; 10:15:07 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-14381 |
Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. Published: July 18, 2018; 11:29:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2018-11564 |
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack. Published: June 01, 2018; 9:29:05 PM -0400 |
V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2017-5594 |
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. Published: January 25, 2017; 1:59:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |