Vulnerabilidades en Alfasado Inc.
12 resultadosCVE-2022-33941—PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST methodEPSS 1.7%CVE-2021-20850—PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life,EPSS 1.5%CVE-2019-6020—Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.EPSS 0.9%CVE-2025-46359HIGHA path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary EPSS 0.5%CVE-2023-50297—Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbEPSS 0.4%CVE-2025-41396MEDIUMA path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product usEPSS 0.3%CVE-2023-49117—PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbEPSS 0.3%CVE-2025-29993MEDIUMThe affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send emEPSS 0.2%CVE-2025-54752MEDIUMMultiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victiEPSS 0.2%CVE-2025-54757MEDIUMMultiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded byEPSS 0.2%CVE-2025-36563MEDIUMReflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an EPSS 0.2%CVE-2025-41391MEDIUMStored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitraryEPSS 0.2%