Lookup for vulnerable packages by Package URL.
| Purl | pkg:composer/pagekit/pagekit@1.0.16 |
|---|
| Type | composer |
|---|
| Namespace | pagekit |
|---|
| Name | pagekit |
|---|
| Version | 1.0.16 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | null |
|---|
| Latest_non_vulnerable_version | null |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-547d-prcv-ekc9 |
| vulnerability_id |
VCID-547d-prcv-ekc9 |
| summary |
Pagekit Cross-site Scripting vulnerability
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45967 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43356 |
| published_at |
2026-06-07T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43331 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43321 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.4337 |
| published_at |
2026-06-05T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.4338 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45967 |
|
| 1 |
| reference_url |
https://github.com/pagekit/pagekit |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/pagekit/pagekit |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-45967, GHSA-xw32-6422-frqm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-547d-prcv-ekc9 |
|
| 1 |
| url |
VCID-8cnm-te58-dfdt |
| vulnerability_id |
VCID-8cnm-te58-dfdt |
| summary |
SQL injection
pagekit all versions, as of 2022-04-06, is vulnerable to SQL Injection via Comment listing. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44135 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50811 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50782 |
| published_at |
2026-06-04T12:55:00Z |
|
| 2 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50842 |
| published_at |
2026-06-05T12:55:00Z |
|
| 3 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50848 |
| published_at |
2026-06-06T12:55:00Z |
|
| 4 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50826 |
| published_at |
2026-06-07T12:55:00Z |
|
| 5 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50796 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44135 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-44135, GHSA-45hc-r4fj-qj89
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8cnm-te58-dfdt |
|
| 2 |
| url |
VCID-mpx5-sw52-qkhp |
| vulnerability_id |
VCID-mpx5-sw52-qkhp |
| summary |
Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
The project is archived as of December 1, 2023. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-67164 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29273 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29184 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29171 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.29205 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00112 |
| scoring_system |
epss |
| scoring_elements |
0.2924 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-67164 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-67164, GHSA-m4f2-xpfq-h97v
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mpx5-sw52-qkhp |
|
| 3 |
| url |
VCID-ut3j-qxt4-rqds |
| vulnerability_id |
VCID-ut3j-qxt4-rqds |
| summary |
Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
The project was archived as of December 1, 2023. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-67165 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31225 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31181 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31157 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31189 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00125 |
| scoring_system |
epss |
| scoring_elements |
0.31258 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-67165 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/pagekit/pagekit |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-17T18:31:33Z/ |
|
|
| url |
https://github.com/pagekit/pagekit |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-67165, GHSA-w3j8-9p3j-3wjx
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ut3j-qxt4-rqds |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 4.5 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:composer/pagekit/pagekit@1.0.16 |
|---|