CVE-2014-8069

Name of the Vulnerable Software and Affected Versions YOOtheme Pagekit CMS version 0.8.7

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the HTTP Referer header to "index.php/user" or the PATH INFO to "index.php".

Recommendations For YOOtheme Pagekit CMS version 0.8.7, consider updating to a newer version that addresses these XSS vulnerabilities. As a temporary workaround, restrict access to the "index.php/user" and "index.php" endpoints to minimize the risk of exploitation. Avoid using the HTTP Referer header and PATH INFO in these affected endpoints until the issue is resolved.