PT-2022-23480 · Unknown · Pagekit Cms
Breakalegcml · Published 2022-08-28 · Updated 2022-09-01
CVE-2022-36573
CVSS v3.1: 6.1 Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Pagekit CMS version 1.0.18
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under the "/blog/post/edit" API endpoint. The Markdown text box is the vulnerable parameter.
Recommendations
For Pagekit CMS version 1.0.18, consider disabling the Markdown text box under the "/blog/post/edit" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the Markdown text box in the affected API endpoint until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Pagekit Cms