Multiple XSS vulnerabilities in Pagekit CMS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2014-8069 CVE-2014-8070 |
| CWE-ID | CWE-79 CWE-601 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Pagekit CMS Web applications / CMS |
| Vendor | YOOtheme |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Cross-site scripting (XSS)
EUVDB-ID: #VU5376
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-8069
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in YOOtheme Pagekit CMS 0.8.7 when processing the HTTP Referer header in index.php/user and when handling PATH_INFO variable in index.php. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Install update (version 0.8.8) from vendor's website.
Vulnerable software versionsPagekit CMS: 0.8.7
External linkshttp://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Open redirect
EUVDB-ID: #VU5377
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-8070
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform phishing attacks.
Open redirect vulnerability exists due to insufficient verification of URL when redirecting users during logout process in index.php/user/logout. A remote attacker can create a specially crafted link, trick the victim into following it and redirect the victim to malicious website.Successful exploitation of the vulnerability will allow to steal valid user's credentials and use the information to conduct further attacks.
Mitigation
Install the latest version from vendor's website.
Pagekit CMS: 0.8.7
External linkshttp://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
