This host is running Pagekit CMS and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, and redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choice. Impact Level: Application

No solution or patch is available as of 30th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.pagekit.com

Multiple errors exists due to, - The application does not validate the 'logout' parameter upon submission to the index.php script. - The 'index.php' script does not validate input passed via the URL or the referer header before returning it to users.

YOOtheme Pagekit CMS version 0.8.7

Send a crafted data via HTTP GET request and check whether it redirects to the arbitrary website.

• http://packetstormsecurity.com/files/128641
• http://www.osvdb.com/113155
• http://www.osvdb.com/113156

---

Updated on 2015-03-25