118 matches found

CNNVD
added 2025/07/31 12:0 a.m., 4 views

Alfasado PowerCMS Path Traversal Vulnerability

Alfasado PowerCMS is a content management system (CMS) from Alfasado Japan. A path traversal vulnerability exists in Alfasado PowerCMS, which stems from a path traversal in the file upload function that could lead to overwriting arbitrary files...

CVSS 6.5, AI score 7.1, EPSS 0.00371
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 6:17 p.m., 10 views

CVE-2021-20850

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors...

CVSS 9.8, AI score 7.5, EPSS 0.01486
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:44 a.m., 14 views

CVE-2019-6020

Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL...

CVSS 6.1, AI score 7, EPSS 0.00851
Exploits: 0, References: 1

RedhatCVE
added 2025/03/29 9:35 a.m., 16 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

CVSS 5.3, AI score 7.7, EPSS 0.00268
Exploits: 0, References: 1

NVD
added 2025/03/27 10:15 a.m., 15 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

CVSS 5.3, EPSS 0.00268
Exploits: 0, References: 2

Vulnrichment
added 2025/03/27 9:6 a.m., 9 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

CVSS 5.3, AI score 5.7, EPSS 0.00268
Exploits: 0, References: 2

Cvelist
added 2025/03/27 9:6 a.m., 17 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

CVSS 5.3, EPSS 0.00268
Exploits: 0, References: 2

CVE
added 2025/03/27 9:6 a.m., 81 views

CVE-2025-29993

CVE-2025-29993 affects PowerCMS versions PowerCMS 6.6 and earlier, PowerCMS 5.27 and earlier, and PowerCMS 4.58 and earlier. The vulnerability is an HTTP header injection flaw in PowerCMS that can cause the product to send emails (e.g., password reset) containing tampered URLs. The root cause is ...

CVSS 5.3, AI score 7.3, EPSS 0.00268
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2025/03/26 9:13 a.m., 4 views

Multiple vulnerabilities in PowerCMS

Overview: PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection (CWE-74) - CVE-2025-29993; Dependency on vulnerable third-party component (CWE-1395) - CVE-2021-21252. Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...

CVSS 7.5, AI score 7.1, EPSS 0.03532
Exploits: 0, References: 4

CNNVD
added 2025/03/26 12:0 a.m., 5 views

Alfasado PowerCMS Injection Vulnerability

Alfasado PowerCMS is a content management system (CMS) from Alfasado Japan. Alfasado PowerCMS has an injection vulnerability; an attacker may be able to exploit the vulnerability to obtain sensitive information or perform malicious actions by injecting special...

CVSS 5.3, AI score 5.5, EPSS 0.00268
Exploits: 0, References: 4

Japan Vulnerability Notes
added 2025/03/26 12:0 a.m., 23 views

JVN#39026557: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection (CWE-74), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score 5.3, CVE-2025-29993: The product improperly processes HTTP headers. Dependency on vulnerable third-party component (CWE-1395): jQuery Validation...

CVSS 7.5, AI score 7.2, EPSS 0.03532
Exploits: 0

BDU FSTEC
added 2024/01/18 12:0 a.m., 6 views

The vulnerability of the CMS system PowerCMS, related to the use of open redirection, allows attackers to redirect users to arbitrary websites.

The vulnerability of the CMS system PowerCMS is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites using a specially created URL address...

CVSS 5, AI score 6, EPSS 0.00402
Exploits: 0, References: 3, Affected Software: 1

Japan Vulnerability Notes
added 2023/12/26 7:46 a.m., 18 views

Multiple vulnerabilities in PowerCMS

Overview: PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2023-49117; Open redirect vulnerability in the members' site (CWE-601) - CVE-2023-50297. Alfasado Inc. reported these...

CVSS 6.1, AI score 5.9, EPSS 0.00402
Exploits: 0, References: 9

OSV
added 2023/12/26 6:15 a.m., 3 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected ...

CVSS 6.1, AI score 5.9, EPSS 0.00402
Exploits: 0, References: 2

NVD
added 2023/12/26 6:15 a.m., 12 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected ...

CVSS 6.1, EPSS 0.00402
Exploits: 0, References: 2

NVD
added 2023/12/26 6:15 a.m., 14 views

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL)...

CVSS 5.4, EPSS 0.00298
Exploits: 0, References: 2

OSV
added 2023/12/26 6:15 a.m., 2 views

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL)...

CVSS 5.4, AI score 5.6
Exploits: 0, References: 2

Prion
added 2023/12/26 6:15 a.m., 21 views

Cross site scripting

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL)...

CVSS 4.9, AI score 6.2, EPSS 0.00298
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2023/12/26 6:15 a.m., 18 views

Open redirect

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected ...

CVSS 5.8, AI score 7.2, EPSS 0.00402
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/12/26 5:53 a.m., 12 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected ...

AI score 7.2, EPSS 0.00402
Exploits: 0, References: 2