CVE-2023-49117 Information

Description

PowerCMS (6 Series 5 Series and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited an arbitrary script may be executed on a logged-in user’s web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life EOL) are also affected by this vulnerability.

Reference

https://www.powercms.jp/news/release-powercms-202312.html https://jvn.jp/en/jp/JVN32646742/