195 matches found
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...
Sql injection
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...
CVE-2021-44135
CVE-2021-44135 concerns Pagekit. Multiple connected sources document a SQL injection vulnerability in Pagekit’s comment listing, tied to the way the ConfigAction in SettingsController concatenates the order parameter (ASC/DESC) directly into SQL without sanitization. This leads to potential data ...
Pagekit SQL注入漏洞
Pagekit is a modular, lightweight CMS content management system. pagekit has a SQL injection vulnerability, which can be exploited by attackers to execute illegal SQL commands to steal sensitive data from the database...
GHSA-MRWR-2945-FR22 Cross-site scripting in PageKit
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...
Cross-site scripting in PageKit
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...
PageKit Cross-Site Scripting Vulnerability
Pagekit is a modular, lightweight CMS content management system. pageKit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...
Cross-Site Scripting (XSS)
pagekit/pagekit is vulnerable to cross-site scripting XSS. An attacker is able to upload malicious SVG files that would be rendered when a user visits the link pointing to the file...
CVE-2021-32245
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...
CVE-2021-32245
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...
Design/Logic Flaw
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...
CVE-2021-32245
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...
CVE-2021-32245
PageKit CMS is affected by CVE-2021-32245. In PageKit v1.0.18, SVG uploads can contain malicious scripts that are not stripped, allowing an attacker to craft a link to /storage/exp.svg that, when clicked, triggers a cross-site scripting (XSS) payload. The vulnerability is corroborated across mult...
Pagekit 跨站脚本漏洞
Pagekit is a modular, lightweight CMS content management system. pageKit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...
Cross-Site Request Forgery (CSRF)
pagekit/pagekit is vulnerable to cross-site request forgery CSRF. The application does not properly validate the csrf value in the POST request to upload a file, allowing a remote attacker to upload a file on behalf of the user when an authenticated user is tricked into visiting a malicious site...
CVE-2019-19013
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request...
CVE-2019-19013
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request...