exploitDog

CVE-2021-32245

Опубликовано: 16 июн. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger a XSS attack.

Ссылки

https://github.com/pagekit/pagekit/issues/963
Exploit
Issue Tracking
Third Party Advisory
https://github.com/pagekit/pagekit/issues/963
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pagekit:pagekit:1.0.18:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mrwr-2945-fr22

CVSS3: 5.4

github

больше 4 лет назад

Cross-site scripting in PageKit

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79