[Japanese]
|
JVNDB-2025-000021
|
Multiple vulnerabilities in PowerCMS
|
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below.
- Injection (CWE-74) - CVE-2025-29993
- Dependency on vulnerable third-party component (CWE-1395) - CVE-2021-21252
Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Alfasado Inc. coordinated under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 5.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-29993
|
|
Alfasado Inc.
- PowerCMS 6.6 and earlier (PowerCMS 6.x series)
- PowerCMS 5.27 and earlier (PowerCMS 5.x series)
- PowerCMS 4.58 and earlier (PowerCMS 4.x series)
|
|
- The affected product may be directed to send email to a user, such as password reset mail, with a tampered URL (CVE-2025-29993)
- The vulnerability (CVE-2021-21252) in jQuery Validation plugin used in the product may be exploited to cause a denial-of-service (DoS) condition
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
|
Alfasado Inc.
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2025-29993
|
- JVN : JVN#39026557
|
- [2025/03/26]
Web page was published
|