CVE-2025-41396

Medium CVSS: 5.3

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

Vendor

Product

CWE

Yayın Tarihi

2025-07-31 08:15:24

Güncelleme

2025-08-06 16:51:55

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

CWE-22 Powercms MEDIUM Alfasado 2025

https://jvn.jp/en/vu/JVNVU93412964/ https://www.powercms.jp/news/release-powercms-671-531-461.html

High

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator ma…

Medium

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malform…

Medium

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malici…

Medium

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a maliciou…

Medium

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesse…