118 matches found
CVE-2023-50297
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...
CVE-2023-50297
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...
CVE-2023-49117
PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...
CVE-2023-49117
PowerCMS (PowerCMS 4–6 Series; and 3 Series/EOL are affected) contains a stored cross-site scripting vulnerability (CVE-2023-49117) in the management screen. Exploitation could trigger arbitrary script execution in a logged-in user’s browser. Affected versions per JVN/Red Hat notes include PowerC...
Alfasado PowerCMS Security Vulnerability
Alfasado PowerCMS is a content management system CMS from the Japanese company Alfasado. A security vulnerability exists in Alfasado PowerCMS that originates from an open redirection vulnerability. An unauthenticated attacker can exploit the vulnerability to redirect users to arbitrary websites v...
JVN#32646742: Multiple vulnerabilities in PowerCMS
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
Alfasado PowerCMS Security Vulnerability
Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A security vulnerability exists in Alfasado PowerCMS, which originates from a stored cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary script in a logged-in user'...
PT-2023-31058 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS versions 4 Series through 6 Series PowerCMS versions 3 Series and earlier Description: The issue is a stored cross-site scripting vulnerability. If exploited, an arbitrary script may be executed on a logged-in user's web browser...
PT-2023-8311 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS versions 4 Series through 6 Series PowerCMS versions 3 Series and earlier Description: The issue is related to an open redirect vulnerability. It allows a remote attacker to redirect users to arbitrary web sites via a specially craft...
CVE-2022-33941
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...
CVE-2022-33941
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...
CVE-2022-33941
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...
Command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...
CVE-2022-33941
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...
CVE-2022-33941
CVE-2022-33941 : PowerCMS XMLRPC API from Alfasado Inc. contains a command injection vulnerability reachable via POST requests, allowing arbitrary Perl script execution and potentially arbitrary OS commands. Affected: PowerCMS 6.021 and earlier, 5.21 and earlier, 4.51 and earlier; developer notes...
PT-2022-21927 · Alfasado · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS versions 6.021 and earlier PowerCMS versions 5.21 and earlier PowerCMS versions 4.51 and earlier PowerCMS 3 Series and earlier Description: The PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection issue. By...
PowerCMS XMLRPC API vulnerable to command injection
Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...
JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...
Alfasado PowerCMS 操作系统命令注入漏洞
Alfasado PowerCMS is a content management system CMS from Alfasado Japan. An operating system command injection vulnerability exists in the Alfasado PowerCMS XMLRPC API, which stems from the inclusion of a command injection vulnerability, where sending a specially crafted message via the POST...
CVE-2021-20850
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series End-of-Life, EOL allows a remote attacker to execute an arbitrary OS command via unspecified vectors...