Lucene search
K

118 matches found

OSV
OSV
added 2025/07/31 8:15 a.m.6 views

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...

8CVSS5.8AI score0.00241EPSS
Exploits0References2
NVD
NVD
added 2025/07/31 8:15 a.m.5 views

CVE-2025-54752

Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...

8CVSS0.00241EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 8:15 a.m.2 views

CVE-2025-46359

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file...

8.6CVSS6.1AI score0.00578EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 8:15 a.m.6 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

8CVSS5.8AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2025/07/31 8:15 a.m.6 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

8CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 8:15 a.m.3 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

5.1CVSS5.7AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2025/07/31 8:15 a.m.5 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

5.4CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2025/07/31 8:15 a.m.9 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

6.5CVSS0.00371EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 8:15 a.m.4 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

6.5CVSS5.7AI score0.00371EPSS
Exploits0References2
NVD
NVD
added 2025/07/31 8:15 a.m.6 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

6.1CVSS0.0019EPSS
Exploits0References2
OSV
OSV
added 2025/07/31 8:15 a.m.4 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/31 7:25 a.m.4 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

6.1CVSS6.2AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2025/07/31 7:25 a.m.20 views

CVE-2025-36563

CVE-2025-36563 is a reflected cross-site scripting vulnerability affecting PowerCMS in multiple versions. Exploitation requires a user (administrator or general user per vector) to access a crafted URL, allowing arbitrary script execution in the browser. CVSS metrics specify MEDIUM severity (olde...

6.1CVSS6AI score0.0019EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/31 7:25 a.m.8 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

6.1CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2025/07/31 7:25 a.m.16 views

CVE-2025-41391

CVE-2025-41391 is a stored cross-site scripting vulnerability in PowerCMS. The issue allows an arbitrary script to execute in a browser when a product user accesses a malicious page. Connected sources confirm PowerCMS (Alfasado Inc.) as affected and describe multiple PowerCMS pages/versions as im...

5.4CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/31 7:25 a.m.4 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/31 7:25 a.m.8 views

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

5.4CVSS0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/31 7:24 a.m.3 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

5.4CVSS7.1AI score0.00371EPSS
Exploits0References2
CVE
CVE
added 2025/07/31 7:24 a.m.19 views

CVE-2025-41396

PowerCMS (Alfasado PowerCMS) is affected by CVE-2025-41396 due to a path traversal vulnerability in the file-upload feature. The root cause allows a product user to overwrite arbitrary files on the system. Affected versions are multiple PowerCMS releases; impact is arbitrary file overwrite, with ...

6.5CVSS6.6AI score0.00371EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/31 7:24 a.m.8 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

5.4CVSS0.00371EPSS
Exploits0References2
Rows per page
Query Builder