Description
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.powercms.jp/news/release-powercms-201910.html
Third Party Advisory x_refsource_misc
http://jvn.jp/en/jp/JVN34634458/index.html
Scores
CVSS v3
6.1
EPSS
0.0085
EPSS Percentile
53.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
alfasado/powercms
3.01 - 3.293
Published
Dec 26, 2019
Tracked Since
Feb 18, 2026