Do Ich Nam

**Name of the Vulnerable Software and Affected Versions** baserCMS versions prior to 5.2.3 **Description** baserCMS is a website development framework. Prior to version 5.2.3, it contains a SQL injection flaw within blog posts. The issue allows for potential unauthorized access or modification of data through crafted SQL queries. The vulnerable component is related to the processing of blog post content. The `blog posts` functionality is affected. **Recommendations** Update baserCMS to version 5.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions prior to 5.2.3 **Description** baserCMS is a website development framework that contains a DOM-based cross-site scripting issue in tag creation. **Recommendations** Update to version 5.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** PowerCMS (affected versions not specified) **Description** A stored cross-site scripting issue exists in PowerCMS. Accessing a malicious page could allow for the execution of arbitrary scripts in the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerCMS (affected versions not specified) **Description** A path traversal issue exists in the file uploading feature of PowerCMS. A product user could overwrite arbitrary files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerCMS (affected versions not specified) **Description** Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a user, an arbitrary script may be executed in the browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerCMS (affected versions not specified) **Description** Multiple versions of PowerCMS improperly neutralize formula elements within a CSV file. A malicious user can create a crafted CSV entry. If a victim user downloads and opens this file in their environment, the embedded code may be executed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerCMS (affected versions not specified) **Description** A path traversal issue exists in the backup and restore feature of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerCMS (affected versions not specified) **Description** A reflected cross-site scripting issue exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed in the browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.