CVE-2021-32245

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32245
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32245.json
Aliases
Published
2021-06-16T21:15:08Z
Modified
2024-05-14T08:15:04.929756Z
Summary
[none]
Details

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger a XSS attack.

References

Affected packages

Git / github.com/pagekit/pagekit

Affected ranges

Type
GIT
Repo
https://github.com/pagekit/pagekit
Events
Introduced
0The exact introduced commit is unknown
Last affected
95446c5f08fc43993fad5e2b581743ffcce50c35

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.11.0
0.11.1
0.11.2
0.11.3
0.8.8
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5

1.*

1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9