CVE-2025-36563

Summary

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.

Affected Software

VendorProductVersion RangeStatus
Alfasado Inc.PowerCMS6.7 and earlier (PowerCMS 6.x series)affected
Alfasado Inc.PowerCMS5.3 and earlier (PowerCMS 5.x series)affected
Alfasado Inc.PowerCMS4.6 and earlier (PowerCMS 4.x series)affected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References