CVE-2025-54757

Medium CVSS: 5.1

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.

Vendor

Alfasado

Product

Powercms

CWE

CWE-434

Yayın Tarihi

2025-07-31 08:15:25

Güncelleme

2025-08-06 16:41:45

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-434 Powercms MEDIUM Alfasado 2025

Referanslar

https://jvn.jp/en/vu/JVNVU93412964/ https://www.powercms.jp/news/release-powercms-671-531-461.html

Benzer Kayıtlar

High

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator ma…

Medium

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malform…

Medium

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a maliciou…

Medium

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwri…

Medium

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesse…