CVE Daily

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCM...

Medium CVSS 5.4

Overview

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.

CWE: CWE-79 Published: 2025-07-31T08:15:24.807
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.4 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags