Open Redirect Vulnerability in PowerCMS by PowerCMS Co.
CVE-2023-50297

6.1 MEDIUM

What is CVE-2023-50297?

An open redirect vulnerability has been identified in PowerCMS 6, 5, and 4 Series. It allows a remote unauthenticated attacker to redirect users to an arbitrary website by means of a specially crafted URL. The flaw also affects the older, unsupported PowerCMS 3 Series and earlier versions, which pose additional security risks. Users should be aware of this vulnerability to guard against exploitation and unauthorized redirection.

Affected Version(s)

PowerCMS (PowerCMS 4 Series) 4.54 and earlier

PowerCMS (PowerCMS 5 Series) 5.24 and earlier

PowerCMS (PowerCMS 6 Series) 6.31 and earlier

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
