PT-2023-31058 · Powercms · Powercms

Published: 2023-12-25 · Updated: 2024-01-04 · CVE-2023-49117

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PowerCMS versions 4 Series through 6 Series
PowerCMS versions 3 Series and earlier

Description

The issue is a stored cross-site scripting vulnerability. If exploited, an arbitrary script may be executed on a logged-in user's web browser.

Recommendations

For PowerCMS versions 4 Series through 6 Series, update to a version that includes a fix for this issue.

For PowerCMS versions 3 Series and earlier, since these versions are End-of-Life and no longer supported, consider upgrading to a supported version of PowerCMS to mitigate the risk of exploitation.

As a temporary workaround, consider implementing input validation and sanitization to minimize the risk of arbitrary script execution.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-49117

Affected Products

Powercms