118 matches found
PT-2025-31484 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: A stored cross-site scripting issue exists in PowerCMS. Accessing a malicious page could allow for the execution of arbitrary scripts in the user's browser. Recommendations: At the moment,...
CVE-2021-20850
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series End-of-Life, EOL allows a remote attacker to execute an arbitrary OS command via unspecified vectors...
CVE-2019-6020
Open redirect vulnerability in PowerCMS 5.12 and earlier PowerCMS 5.x, 4.42 and earlier PowerCMS 4.x, and 3.293 and earlier PowerCMS 3.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL...
CVE-2025-29993
The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...
CVE-2025-29993
The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...
CVE-2025-29993
CVE-2025-29993 affects PowerCMS versions PowerCMS 6.6 and earlier, PowerCMS 5.27 and earlier, and PowerCMS 4.58 and earlier. The vulnerability is an HTTP header injection flaw in PowerCMS that can cause the product to send emails (e.g., password reset) containing tampered URLs. The root cause is ...
CVE-2025-29993
The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...
CVE-2025-29993
The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...
Multiple vulnerabilities in PowerCMS
Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 - CVE-2025-29993 Dependency on vulnerable third-party component CWE-1395 - CVE-2021-21252 Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...
Alfasado PowerCMS 注入漏洞
Alfasado PowerCMS is a content management system CMS from Alfasado Japan. Alfasado PowerCMS suffers from an injection vulnerability that originates from an attacker who may be able to exploit the vulnerability to obtain sensitive information or perform malicious actions by injecting special...
JVN#39026557: Multiple vulnerabilities in PowerCMS
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-29993 The product improperly processes HTTP headers. Dependency on vulnerable third-party component CWE-1395 jQuery Validation...
The vulnerability of the CMS system PowerCMS, related to the use of open redirection, allows attackers to redirect users to arbitrary websites.
The vulnerability of the CMS system PowerCMS is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites using a specially created URL address...
Multiple vulnerabilities in PowerCMS
Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Open redirect vulnerability in the members' site CWE-601 - CVE-2023-50297 Alfasado Inc. reported these...
CVE-2023-50297
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...
CVE-2023-49117
PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...
CVE-2023-49117
PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...
CVE-2023-50297
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...
Cross site scripting
PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...
Open redirect
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...
CVE-2023-50297
Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...