Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pagekit pagekit vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-38916
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an malicious user to upload malicious files
Pagekit Pagekit 1.0.18
9.8
CVSSv3
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
Pagekit Pagekit
8.8
CVSSv3
CVE-2019-19013
A CSRF vulnerability in Pagekit 1.0.17 allows an malicious user to upload an arbitrary file by removing the CSRF token from a request.
Pagekit Pagekit 1.0.17
7.8
CVSSv3
CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 alows a remote malicious user to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
Pagekit Pagekit 1.0.18
7.5
CVSSv3
CVE-2017-5594
An issue exists in Pagekit CMS prior to 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
Pagekit Pagekit
1 EDB exploit
6.1
CVSSv3
CVE-2022-36573
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.
Pagekit Pagekit 1.0.18
6.1
CVSSv3
CVE-2018-14381
Pagekit prior to 1.0.14 has a /user/login?redirect= open redirect vulnerability.
Pagekit Pagekit
5.4
CVSSv3
CVE-2021-32245
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/sto...
Pagekit Pagekit 1.0.18
5.4
CVSSv3
CVE-2018-18087
The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title...
Bixie Portfolio 1.2.0
5.3
CVSSv3
CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for malicious users to enumerate accounts.
Pagekit Pagekit 1.0.17
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »