CVE-2025-36563_CVE-2025-36563

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.

Basic Information

ID CVE-2025-36563

Source jpcert

Published Jul 31, 2025 at 07:25

Modified Jul 31, 2025 at 13:24

Affected Product

Vendor Alfasado Inc.

Product PowerCMS

Version 6.7 and earlier (PowerCMS 6.x series)

Affected Versions Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)
Alfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)
Alfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.",
    "published": "2025-07-31T07:25:44.979Z",
    "modified": "2025-07-31T13:24:12.574Z",
    "type": "cve",
    "title": "CVE-2025-36563",
    "source": "jpcert",
    "references": "https://www.powercms.jp/news/release-powercms-671-531-461.html\nhttps://jvn.jp/en/vu/JVNVU93412964/",
    "id": "CVE-2025-36563",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)\nAlfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)\nAlfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerCMS",
    "version": "6.7 and earlier (PowerCMS 6.x series)",
    "vendor": "Alfasado Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}