Pagekit

pagekit

13 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67165 1Pagekit 1Pagekit Jan 2, 2026 Dec 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
CVE-2025-67164 1Pagekit 1Pagekit Jan 2, 2026 Dec 17, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-45967 1Pagekit 1Pagekit May 6, 2025 Oct 1, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.
CVE-2023-41005 1Pagekit 1Pagekit Nov 21, 2024 Aug 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
CVE-2022-38916 1Pagekit 1Pagekit May 27, 2025 Sep 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files
CVE-2022-36573 1Pagekit 1Pagekit Nov 21, 2024 Aug 29, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.
CVE-2021-44135 1Pagekit 1Pagekit Nov 21, 2024 Apr 1, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
CVE-2021-32245 1Pagekit 1Pagekit Nov 21, 2024 Jun 16, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The...Show more In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger a XSS attack.Show less
CVE-2019-19013 1Pagekit 1Pagekit Nov 21, 2024 Nov 22, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
CVE-2019-16669 1Pagekit 1Pagekit Nov 21, 2024 Sep 21, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVE-2018-14381 1Pagekit 1Pagekit Nov 21, 2024 Jul 18, 2018 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.
CVE-2018-11564 1Pagekit 1Pagekit Nov 21, 2024 Jun 2, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will...Show more Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.Show less
CVE-2017-5594 1Pagekit 1Pagekit May 13, 2026 Jan 25, 2017 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered u...Show more An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.Show less