CVE-2025-41391

Summary

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

Affected Software

VendorProductVersion RangeStatus
Alfasado Inc.PowerCMS6.7 and earlier (PowerCMS 6.x series)affected
Alfasado Inc.PowerCMS5.3 and earlier (PowerCMS 5.x series)affected
Alfasado Inc.PowerCMS4.6 and earlier (PowerCMS 4.x series)affected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References