Vulnerabilities > CVE-2014-8070 - Unspecified vulnerability in Yootheme Pagekit 0.8.7

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

yootheme

NVD

Published: 2014-10-14

Updated: 2014-10-21

Summary

Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout. <a href = "http://cwe.mitre.org/data/definitions/601.html"> CWE-601: URL Redirection to Untrusted Site ('Open Redirect') </a>

Vulnerable Configurations

Part	Description	Count
Application	Yootheme Yootheme Pagekit 0.8.7	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/128641/pagekit087-xssredirect.txt
id	PACKETSTORM:128641
last seen	2016-12-05
published	2014-10-13
reporter	Mahendra
source	https://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html
title	Pagekit 0.8.7 Cross Site Scripting / Open Redirect

References

http://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html