CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

WordPress plugin All in One Time Clock Lite 跨站脚本漏洞

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...

CVE-2025-45778

A stored cross-site scripting XSS vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field...

WordPress plugin BlockSpare 跨站脚本漏洞

WordPress Blockspare plugin is a visual page builder plugin for WordPress that focuses on simplifying the website building process through drag and drop operations. WordPress Blockspare plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

WordPress plugin SureForms 安全漏洞

WordPress SureForms plugin is designed for WordPress visual form builder plugin , support drag and drop operation , no programming foundation can quickly build responsive form . WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18563)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through crafted requests. An attacker can execute arbitrary scripts in the context of a user's browser by submitting crafted input to the title, categoryTitle, or tmpTag parameters. Details Cross-site scripting ...

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

CVE-2025-36563

CVE-2025-36563 is a reflected cross-site scripting vulnerability affecting PowerCMS in multiple versions. Exploitation requires a user (administrator or general user per vector) to access a crafted URL, allowing arbitrary script execution in the browser. CVSS metrics specify MEDIUM severity (olde...

CVE-2025-41391

CVE-2025-41391 is a stored cross-site scripting vulnerability in PowerCMS. The issue allows an arbitrary script to execute in a browser when a product user accesses a malicious page. Connected sources confirm PowerCMS (Alfasado Inc.) as affected and describe multiple PowerCMS pages/versions as im...

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVE-2025-54757

CVE-2025-54757 affects PowerCMS. Unrestricted upload of files allows a product user-uploaded file to contain dangerous content, potentially enabling an arbitrary script when an administrator opens the malicious file in the browser. The root issue is unsafe handling of file uploads that can be man...

WordPress plugin GiveWP 跨站脚本漏洞

WordPress GiveWP plugin is an open source online donation system plugin, mainly used to help the website to realize the online fundraising function. WordPress GiveWP plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

CVE-2025-26064

CVE-2025-26064 is an XSS vulnerability affecting Intelbras RX1500 (v2.2.9) and RX3000 (v1.0.11). The root cause is unvalidated/crafted input in the name of a connected device, allowing attackers to execute arbitrary web scripts or HTML in the web management interface. Impact is web-based, with po...

PT-2025-31481 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a user, an arbitrary script may be executed in...