CVE-2025-54752

Medium CVSS: 4.8

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.

Vendor

Alfasado

Product

Powercms

CWE

CWE-1236

Yayın Tarihi

2025-07-31 08:15:25

Güncelleme

2025-08-06 16:41:58

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-1236 Powercms MEDIUM Alfasado 2025

Referanslar

https://jvn.jp/en/vu/JVNVU93412964/ https://www.powercms.jp/news/release-powercms-671-531-461.html

Benzer Kayıtlar

High

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator ma…

Medium

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malici…

Medium

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a maliciou…

Medium

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwri…

Medium

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesse…