PowerCMS
by PowerCMS
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36563 | 0.00 | — | 0.00 | Jul 31, 2025 | Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser. | |||
| CVE-2025-41391 | 0.00 | — | 0.00 | Jul 31, 2025 | Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser. | |||
| CVE-2025-41396 | 0.00 | — | 0.00 | Jul 31, 2025 | A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user. | |||
| CVE-2025-46359 | 0.00 | — | 0.00 | Jul 31, 2025 | A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file. | |||
| CVE-2025-54757 | 0.00 | — | 0.00 | Jul 31, 2025 | Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser. |
- CVE-2025-36563Jul 31, 2025risk 0.00cvss —epss 0.00
Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.
- CVE-2025-41391Jul 31, 2025risk 0.00cvss —epss 0.00
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.
- CVE-2025-41396Jul 31, 2025risk 0.00cvss —epss 0.00
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.
- CVE-2025-46359Jul 31, 2025risk 0.00cvss —epss 0.00
A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.
- CVE-2025-54757Jul 31, 2025risk 0.00cvss —epss 0.00
Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.