Lucene search
K

195 matches found

NVD
NVD
added 2022/04/01 2:15 p.m.34 views

CVE-2021-44135

pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...

10CVSS0.01513EPSS
Exploits1References1
OSV
OSV
added 2022/04/01 2:15 p.m.21 views

CVE-2021-44135

pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...

9.8CVSS9.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/01 2:15 p.m.2 views

CVE-2021-44135

pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...

10CVSS7.4AI score0.01513EPSS
Exploits1References2
Prion
Prion
added 2022/04/01 2:15 p.m.19 views

Sql injection

pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...

10CVSS9.8AI score0.01513EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/04/01 1:22 p.m.41 views

CVE-2021-44135

pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...

10AI score0.01513EPSS
Exploits1References1
CVE
CVE
added 2022/04/01 1:22 p.m.118 views

CVE-2021-44135

CVE-2021-44135 concerns Pagekit. Multiple connected sources document a SQL injection vulnerability in Pagekit’s comment listing, tied to the way the ConfigAction in SettingsController concatenates the order parameter (ASC/DESC) directly into SQL without sanitization. This leads to potential data ...

10CVSS9.8AI score0.01513EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.6 views

Pagekit SQL注入漏洞

Pagekit is a modular, lightweight CMS content management system. pagekit has a SQL injection vulnerability, which can be exploited by attackers to execute illegal SQL commands to steal sensitive data from the database...

10CVSS6AI score0.01513EPSS
Exploits1References2
OSV
OSV
added 2021/06/22 3:17 p.m.30 views

GHSA-MRWR-2945-FR22 Cross-site scripting in PageKit

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

5.4CVSS5.2AI score0.00541EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2021/06/22 3:17 p.m.56 views

Cross-site scripting in PageKit

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

5.4CVSS5.2AI score0.00541EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/06/18 12:0 a.m.17 views

PageKit Cross-Site Scripting Vulnerability

Pagekit is a modular, lightweight CMS content management system. pageKit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...

5.4CVSS2.8AI score0.00541EPSS
Exploits1References1
Veracode
Veracode
added 2021/06/17 6:25 a.m.18 views

Cross-Site Scripting (XSS)

pagekit/pagekit is vulnerable to cross-site scripting XSS. An attacker is able to upload malicious SVG files that would be rendered when a user visits the link pointing to the file...

5.4CVSS1.8AI score0.00541EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/06/16 9:15 p.m.20 views

CVE-2021-32245

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

5.4CVSS0.00541EPSS
Exploits1References1
OSV
OSV
added 2021/06/16 9:15 p.m.12 views

CVE-2021-32245

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

5.4CVSS6AI score
Exploits0References1
Prion
Prion
added 2021/06/16 9:15 p.m.16 views

Design/Logic Flaw

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

3.5CVSS5.2AI score0.00541EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/16 8:37 p.m.22 views

CVE-2021-32245

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

5.5AI score0.00541EPSS
Exploits1References1
CVE
CVE
added 2021/06/16 8:37 p.m.86 views

CVE-2021-32245

PageKit CMS is affected by CVE-2021-32245. In PageKit v1.0.18, SVG uploads can contain malicious scripts that are not stripped, allowing an attacker to craft a link to /storage/exp.svg that, when clicked, triggers a cross-site scripting (XSS) payload. The vulnerability is corroborated across mult...

5.4CVSS5.1AI score0.00541EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/06/16 12:0 a.m.7 views

Pagekit 跨站脚本漏洞

Pagekit is a modular, lightweight CMS content management system. pageKit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...

5.4CVSS5.1AI score0.00541EPSS
Exploits1References2
Veracode
Veracode
added 2019/11/25 2:6 a.m.15 views

Cross-Site Request Forgery (CSRF)

pagekit/pagekit is vulnerable to cross-site request forgery CSRF. The application does not properly validate the csrf value in the POST request to upload a file, allowing a remote attacker to upload a file on behalf of the user when an authenticated user is tricked into visiting a malicious site...

8.8CVSS3AI score0.00764EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2019/11/22 4:15 p.m.16 views

CVE-2019-19013

A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request...

8.8CVSS8.6AI score0.00764EPSS
Exploits2References1
OSV
OSV
added 2019/11/22 4:15 p.m.12 views

CVE-2019-19013

A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request...

8.8CVSS6.9AI score
Exploits0References1
Rows per page
Query Builder