Vulnerabilities (CVE)

Filtered by vendor Alfasado Subscribe
Filtered by product Powercms
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49117 1 Alfasado 1 Powercms 2024-02-05 N/A 5.4 MEDIUM
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVE-2023-50297 1 Alfasado 1 Powercms 2024-02-05 N/A 6.1 MEDIUM
Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVE-2022-33941 1 Alfasado 1 Powercms 2024-02-04 N/A 9.8 CRITICAL
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVE-2021-20850 1 Alfasado 1 Powercms 2024-02-04 7.5 HIGH 9.8 CRITICAL
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
CVE-2019-6020 1 Alfasado 1 Powercms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.