Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AlfasadoPowercms6.0

9 matches found

CVE
CVEadded 2022/09/08 8:15 a.m.468 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as fo...

9.8CVSS9.6AI score0.05225EPSS
CVE
CVEadded 2023/12/26 6:15 a.m.39 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affecte...

6.1CVSS6.2AI score0.00323EPSS
CVE
CVEadded 2023/12/26 6:15 a.m.35 views

CVE-2023-49117

PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EO...

5.4CVSS5.3AI score0.002EPSS
CVE
CVEadded 2025/07/31 8:15 a.m.10 views

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.

8.6CVSS7.4AI score0.00146EPSS
CVE
CVEadded 2025/07/31 8:15 a.m.8 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.

6.1CVSS6AI score0.00035EPSS
CVE
CVEadded 2025/07/31 8:15 a.m.7 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

6.5CVSS6.6AI score0.00062EPSS
CVE
CVEadded 2025/07/31 8:15 a.m.7 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.

8CVSS6.8AI score0.00046EPSS
CVE
CVEadded 2025/07/31 8:15 a.m.6 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

5.4CVSS5.9AI score0.00035EPSS
CVE
CVEadded 2025/07/31 8:15 a.m.6 views

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.

8CVSS6.7AI score0.00046EPSS