Lucene search
K

118 matches found

Cvelist
Cvelist
added 2023/12/26 5:53 a.m.15 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...

6.4AI score0.00402EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/26 5:53 a.m.11 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...

7.2AI score0.00402EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/26 5:53 a.m.14 views

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...

5.7AI score0.00298EPSS
Exploits0References2
CVE
CVE
added 2023/12/26 5:53 a.m.42 views

CVE-2023-49117

PowerCMS (PowerCMS 4–6 Series; and 3 Series/EOL are affected) contains a stored cross-site scripting vulnerability (CVE-2023-49117) in the management screen. Exploitation could trigger arbitrary script execution in a logged-in user’s browser. Affected versions per JVN/Red Hat notes include PowerC...

5.4CVSS5.3AI score0.00298EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.3 views

Alfasado PowerCMS Security Vulnerability

Alfasado PowerCMS is a content management system CMS from the Japanese company Alfasado. A security vulnerability exists in Alfasado PowerCMS that originates from an open redirection vulnerability. An unauthenticated attacker can exploit the vulnerability to redirect users to arbitrary websites v...

6.1CVSS6.9AI score0.00402EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/26 12:0 a.m.30 views

JVN#32646742: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.1CVSS6AI score0.00402EPSS
Exploits0
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.9 views

Alfasado PowerCMS Security Vulnerability

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A security vulnerability exists in Alfasado PowerCMS, which originates from a stored cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary script in a logged-in user'...

5.4CVSS6.1AI score0.00298EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.5 views

PT-2023-31058 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS versions 4 Series through 6 Series PowerCMS versions 3 Series and earlier Description: The issue is a stored cross-site scripting vulnerability. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

5.4CVSS5.3AI score0.00298EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.3 views

PT-2023-8311 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS versions 4 Series through 6 Series PowerCMS versions 3 Series and earlier Description: The issue is related to an open redirect vulnerability. It allows a remote attacker to redirect users to arbitrary web sites via a specially craft...

6.1CVSS6.3AI score0.00402EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/09/08 8:15 a.m.2 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.8CVSS6AI score0.01688EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/09/08 8:15 a.m.4 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.8CVSS5.9AI score0.01688EPSS
Exploits0References2
NVD
NVD
added 2022/09/08 8:15 a.m.36 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.8CVSS0.01688EPSS
Exploits0References2
Prion
Prion
added 2022/09/08 8:15 a.m.18 views

Command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

7.5CVSS9.7AI score0.01688EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/08 7:10 a.m.46 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.9AI score0.01688EPSS
Exploits0References2
CVE
CVE
added 2022/09/08 7:10 a.m.481 views

CVE-2022-33941

CVE-2022-33941 : PowerCMS XMLRPC API from Alfasado Inc. contains a command injection vulnerability reachable via POST requests, allowing arbitrary Perl script execution and potentially arbitrary OS commands. Affected: PowerCMS 6.021 and earlier, 5.21 and earlier, 4.51 and earlier; developer notes...

9.8CVSS9.6AI score0.01688EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/08 12:0 a.m.5 views

PT-2022-21927 · Alfasado · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS versions 6.021 and earlier PowerCMS versions 5.21 and earlier PowerCMS versions 4.51 and earlier PowerCMS 3 Series and earlier Description: The PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection issue. By...

9.8CVSS9.7AI score0.01688EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 6:49 a.m.3 views

PowerCMS XMLRPC API vulnerable to command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...

9.8CVSS7.6AI score0.01688EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 12:0 a.m.41 views

JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...

9.8CVSS9.7AI score0.01688EPSS
Exploits0
CNNVD
CNNVD
added 2022/09/02 12:0 a.m.5 views

Alfasado PowerCMS 操作系统命令注入漏洞

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. An operating system command injection vulnerability exists in the Alfasado PowerCMS XMLRPC API, which stems from the inclusion of a command injection vulnerability, where sending a specially crafted message via the POST...

9.8CVSS8.9AI score0.01688EPSS
Exploits0References4
OSV
OSV
added 2021/11/24 4:15 p.m.3 views

CVE-2021-20850

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series End-of-Life, EOL allows a remote attacker to execute an arbitrary OS command via unspecified vectors...

9.8CVSS6AI score0.01486EPSS
Exploits0References2
Rows per page
Query Builder