118 matches found
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
CVE-2025-46359
A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file...
CVE-2025-54757
Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...
CVE-2025-54757
Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...
CVE-2025-41391
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...
CVE-2025-41391
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...
CVE-2025-41396
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...
CVE-2025-41396
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...
CVE-2025-36563
Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...
CVE-2025-36563
Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...
CVE-2025-36563
Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...
CVE-2025-36563
CVE-2025-36563 is a reflected cross-site scripting vulnerability affecting PowerCMS in multiple versions. Exploitation requires a user (administrator or general user per vector) to access a crafted URL, allowing arbitrary script execution in the browser. CVSS metrics specify MEDIUM severity (olde...
CVE-2025-36563
Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...
CVE-2025-41391
CVE-2025-41391 is a stored cross-site scripting vulnerability in PowerCMS. The issue allows an arbitrary script to execute in a browser when a product user accesses a malicious page. Connected sources confirm PowerCMS (Alfasado Inc.) as affected and describe multiple PowerCMS pages/versions as im...
CVE-2025-41391
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...
CVE-2025-41391
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...
CVE-2025-41396
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...
CVE-2025-41396
PowerCMS (Alfasado PowerCMS) is affected by CVE-2025-41396 due to a path traversal vulnerability in the file-upload feature. The root cause allows a product user to overwrite arbitrary files on the system. Affected versions are multiple PowerCMS releases; impact is arbitrary file overwrite, with ...
CVE-2025-41396
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...