Alfasado

Powercms

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-36563

  • EPSS 0.04%
  • Published 31.07.2025 07:25:44
  • Last modified 06.08.2025 16:52:31

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.

5.4

CVE-2025-41391

  • EPSS 0.04%
  • Published 31.07.2025 07:25:10
  • Last modified 06.08.2025 16:52:18

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

6.5

CVE-2025-41396

  • EPSS 0.07%
  • Published 31.07.2025 07:24:20
  • Last modified 06.08.2025 16:51:55

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

8.6

CVE-2025-46359

  • EPSS 0.15%
  • Published 31.07.2025 07:22:46
  • Last modified 06.08.2025 16:42:31

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.

8

CVE-2025-54752

  • EPSS 0.05%
  • Published 31.07.2025 07:21:57
  • Last modified 06.08.2025 16:41:58

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.

8

CVE-2025-54757

  • EPSS 0.05%
  • Published 31.07.2025 07:20:30
  • Last modified 06.08.2025 16:41:45

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.

5.3

CVE-2025-29993

  • EPSS 0.04%
  • Published 27.03.2025 09:06:53
  • Last modified 27.03.2025 16:45:27

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.

5.4

CVE-2023-49117

  • EPSS 0.2%
  • Published 26.12.2023 06:15:07
  • Last modified 21.11.2024 08:32:52

PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series a...

6.1

CVE-2023-50297

  • EPSS 0.32%
  • Published 26.12.2023 06:15:07
  • Last modified 21.11.2024 08:36:48

Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which ar...

9.8

CVE-2022-33941

  • EPSS 5.23%
  • Published 08.09.2022 08:15:07
  • Last modified 21.11.2024 07:08:39

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed...