Pagekit: >> Pagekit >> 0.11.2 Security Vulnerabilities
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-01
Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-07-18
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
CVSS Score
4.8
EPSS Score
0.004
Published
2018-06-02
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
CVSS Score
7.5
EPSS Score
0.094
Published
2017-01-25