118 matches found
Alfasado PowerCMS path traversal vulnerability
Alfasado PowerCMS is a content management system (CMS) from Alfasado (Japan). A path traversal vulnerability exists in the file upload function of Alfasado PowerCMS that could lead to overwriting arbitrary files...
CVE-2021-20850
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors...
CVE-2019-6020
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL...
CVE-2025-29993
The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...
CVE-2025-29993
CVE-2025-29993 affects PowerCMS versions PowerCMS 6.6 and earlier, PowerCMS 5.27 and earlier, and PowerCMS 4.58 and earlier. The vulnerability is an HTTP header injection flaw in PowerCMS that can cause the product to send emails (e.g., password reset) containing tampered URLs. The root cause is ...
Multiple vulnerabilities in PowerCMS
Overview: PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection (CWE-74) - CVE-2025-29993; Dependency on vulnerable third-party component (CWE-1395) - CVE-2021-21252. Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...
Alfasado PowerCMS injection vulnerability
Alfasado PowerCMS is a content management system (CMS) from Alfasado (Japan). Alfasado PowerCMS has an injection vulnerability that an attacker may be able to exploit to obtain sensitive information or perform malicious actions by injecting special...
JVN#39026557: Multiple vulnerabilities in PowerCMS
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection (CWE-74), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score 5.3, CVE-2025-29993: The product improperly processes HTTP headers. Dependency on vulnerable third-party component (CWE-1395): jQuery Validation...
An open redirect vulnerability in the PowerCMS content management system allows attackers to redirect users to arbitrary websites.
PowerCMS contains an open redirect vulnerability. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites using a specially crafted URL...
Multiple vulnerabilities in PowerCMS
Overview: PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2023-49117; Open redirect vulnerability in the members' site (CWE-601) - CVE-2023-50297. Alfasado Inc. reported these...
CVE-2023-50297
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier, which are unsupported (End-of-Life, EOL), are also affected ...
CVE-2023-49117
PowerCMS 6 Series, 5 Series, and 4 Series contain a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier, which are unsupported (End-of-Life, EOL)...
Cross site scripting
PowerCMS 6 Series, 5 Series, and 4 Series contain a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier, which are unsupported (End-of-Life, EOL)...
Open redirect
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier, which are unsupported (End-of-Life, EOL), are also affected ...