CVE-2018-11564

Published: 02/06/2018 Updated: 05/07/2018
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges can upload a picture in SVG format; the file is stored on the system without being stripped or filtered. The user can then create a link on the website pointing to "/storage/poc.svg", which resolves to localhost/pagekit/storage/poc.svg. When another user clicks that link, the XSS attack is triggered.
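
A server-side gate for the unfiltered SVG upload described above, as an added example (not Pagekit's code and not its actual fix). It parses the upload with namespace resolution, so a script element hidden behind an arbitrary prefix is still flagged; the function names, sample documents and rejection policy are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ACTIVE_SVG = {"script", "foreignObject"}  # SVG elements that run or embed markup

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def svg_findings(data):
    """Return reasons to reject an uploaded SVG (bytes); empty list if none."""
    # Coarse byte-level guard: picture uploads have no need for a DTD.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DTD or entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    for el in root.iter():
        ns, local = split_tag(el.tag)
        # Judge by the resolved namespace, never by the prefix: 'x:script'
        # bound to XHTML runs exactly like a plain <script>.
        if ns != SVG_NS:
            findings.append("foreign-namespace element <%s> (%s)"
                            % (local, ns or "no namespace"))
        elif local in ACTIVE_SVG:
            findings.append("active SVG element <%s>" % local)
        for name, value in el.attrib.items():
            attr = split_tag(name)[1]
            # Browsers ignore tabs and newlines inside a URL scheme.
            target = re.sub(r"[\x00-\x20]", "", value)
            if attr.lower().startswith("on"):
                findings.append("event handler attribute %s on <%s>" % (attr, local))
            elif attr == "href" and re.match(r"(javascript|data):", target, re.I):
                findings.append("scripted href on <%s>" % local)
    return findings

# Constructed samples: a harmless picture and a prefixed XHTML script element.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
PREFIXED = (b'<svg xmlns="http://www.w3.org/2000/svg">'
            b'<x:script xmlns:x="http://www.w3.org/1999/xhtml">/* placeholder */'
            b'</x:script></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("prefixed", PREFIXED)):
        print(label, svg_findings(doc) or "accepted")
```

An upload is stored only when `svg_findings` returns an empty list; anything else is rejected rather than repaired.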

Vulnerable Product

pagekit pagekit

Exploits

# Title: Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
# Author : DEEPIN2
# Date: 2018-06-05
# Vendor: Pagekit
# Software: pagekit.com/
# Version: < 1.0.13
# CVE: 2018-11564
# python3 required
def makesvg(name, code):
    code = '<exploit:script xmlns:exploit="http://www.w3.org/1999/xhtml">' + code + '</exploit:script&g ...

PageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability ...

Github Repositories

exploit tool of CVE-2018-11564

CVE-2018-11564 exploit tool of CVE-2018-11564