Описание
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.55 (исключая)Версия от 5.0 (включая) до 5.25 (исключая)Версия от 6.0 (включая) до 6.31 (включая)
Одно из
cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*
cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*
cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.002
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 2 лет назад
PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
EPSS
Процентиль: 42%
0.002
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79