CVE-2025-41391_CVE-2025-41391

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

Basic Information

ID CVE-2025-41391

Source jpcert

Published Jul 31, 2025 at 07:25

Modified Jul 31, 2025 at 14:23

Affected Product

Vendor Alfasado Inc.

Product PowerCMS

Version 6.7 and earlier (PowerCMS 6.x series)

Affected Versions Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)
Alfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)
Alfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.",
    "published": "2025-07-31T07:25:10.798Z",
    "modified": "2025-07-31T14:23:47.388Z",
    "type": "cve",
    "title": "CVE-2025-41391",
    "source": "jpcert",
    "references": "https://www.powercms.jp/news/release-powercms-671-531-461.html\nhttps://jvn.jp/en/vu/JVNVU93412964/",
    "id": "CVE-2025-41391",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)\nAlfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)\nAlfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerCMS",
    "version": "6.7 and earlier (PowerCMS 6.x series)",
    "vendor": "Alfasado Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}