CVE-2025-41391

Medium CVSS: 5.1

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

Vendor

Alfasado

Product

Powercms

CWE

CWE-79

Yayın Tarihi

2025-07-31 08:15:24

Güncelleme

2025-08-06 16:52:18

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-79 Powercms MEDIUM Alfasado 2025

Referanslar

https://jvn.jp/en/vu/JVNVU93412964/ https://www.powercms.jp/news/release-powercms-671-531-461.html

Benzer Kayıtlar

High

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator ma…

Medium

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malform…

Medium

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malici…

Medium

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwri…

Medium

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesse…