CVE-2019-16669
- EPSS 1.11%
- Veröffentlicht 21.09.2019 19:15:10
- Zuletzt bearbeitet 21.11.2024 04:30:56
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVE-2018-14381
- EPSS 0.96%
- Veröffentlicht 18.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:48:57
Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.
CVE-2018-11564
- EPSS 3.17%
- Veröffentlicht 02.06.2018 01:29:05
- Zuletzt bearbeitet 21.11.2024 03:43:37
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and...
CVE-2017-5594
- EPSS 6.97%
- Veröffentlicht 25.01.2017 18:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureL...