
CVE-2021-44135
https://notcve.org/view.php?id=CVE-2021-44135
01 Apr 2022 — All versions of Pagekit, as of 15-10-2021, are vulnerable to SQL injection via the comment listing. • https://huntr.dev/bounties/82f09b08-ceeb-4249-8855-b8bc718c4868 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2018-14381
https://notcve.org/view.php?id=CVE-2018-14381
18 Jul 2018 — Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. • https://github.com/pagekit/pagekit/issues/905 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2018-11564 – Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
https://notcve.org/view.php?id=CVE-2018-11564
31 May 2018 — Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger an XSS attack. • https://packetstorm.news/files/id/148001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-5594 – PageKit 1.0.10 - Password Reset
https://notcve.org/view.php?id=CVE-2017-5594
25 Jan 2017 — An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. • https://www.exploit-db.com/exploits/41143 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVE-2014-8070 – Pagekit 0.8.7 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2014-8070
13 Oct 2014 — Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout. Pagekit version 0.8.7 suffers from cross site scri... • https://packetstorm.news/files/id/128641 •

CVE-2014-8069 – Pagekit 0.8.7 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2014-8069
13 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php. Pagekit version 0.8.7 suffers from cross site scri... • https://packetstorm.news/files/id/128641 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •