CVE-2025-29993

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.

Related Vulnerabilities

CVE-2010-4658

MEDIUM
CVSS:5.3(Medium)

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

CWE-742010

CVE-2011-3624

MEDIUM
CVSS:5.3(Medium)

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote a...

CWE-742011

CVE-2013-4578

MEDIUM
CVSS:5.3(Medium)

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fil...

CWE-742013

CVE-2013-7324

MEDIUM
CVSS:5.3(Medium)

Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavio...

CWE-742013

CVE-2016-11068

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.

CWE-742016

CVE-2017-7848

MEDIUM
CVSS:5.3(Medium)

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.

CWE-742017