CVE-2025-41391
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in PowerCMS allows attackers to inject malicious scripts that execute in users' browsers when viewing compromised content. This affects all PowerCMS users who access pages containing the malicious payload. The vulnerability requires user interaction but can lead to session hijacking or credential theft.
💻 Affected Systems
- PowerCMS
📦 What is this software?
PowerCMS by Alfasado
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full control of the CMS, deface websites, or install backdoors for persistent access.
Likely Case
Attackers hijack user sessions, steal credentials, redirect users to malicious sites, or perform actions on behalf of authenticated users.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting non-sensitive user data.
🎯 Exploit Status
Exploitation requires the attacker to have content creation privileges or exploit another vulnerability first. Once malicious content is stored, any user viewing it triggers the XSS.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PowerCMS 6.7.1, 5.3.1, 4.6.1
Vendor Advisory: https://www.powercms.jp/news/release-powercms-671-531-461.html
Restart Required: Yes
Instructions:
1. Back up your PowerCMS installation and database.
2. Download the patched version from the official vendor site.
3. Replace all files with the patched version.
4. Restart the web server.
5. Verify the update by checking the version in the admin panel.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize user-supplied content before storage
Content Security Policy
Implement CSP headers to restrict script execution sources
Add to web server config: Content-Security-Policy: default-src 'self'; script-src 'self'
Note that this policy also blocks the site's own inline scripts, so test it first (for example by staging it as Content-Security-Policy-Report-Only) before enforcing it.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads
- Restrict content creation privileges to trusted users only
🔍 How to Verify
Check if Vulnerable:
Check the PowerCMS version in the admin panel or via the version.php file. If the version is below 6.7.1, 5.3.1, or 4.6.1 for its respective branch, the system is vulnerable.
Check Version:
Check /version.php or admin panel → System Information
Verify Fix Applied:
After patching, verify that the version shown in the admin panel is 6.7.1, 5.3.1, or 4.6.1. Test content submission with basic XSS payloads to confirm that they are sanitized or encoded on output.
📡 Detection & Monitoring
Log Indicators:
- Unusual content submissions with script tags
- Multiple failed login attempts after content updates
- Admin panel access from unexpected locations
Network Indicators:
- Outbound connections to suspicious domains after page views
- Unexpected redirects in HTTP traffic
SIEM Query:
web.url:*script* AND web.method:POST AND (destination.port:80 OR destination.port:443)
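Added example, not from the page or the PowerCMS project: a Python script that applies the log indicators above to constructed access-log lines, percent-decoding URLs before matching and using tighter markers than the bare `*script*` wildcard, which also matches benign words such as "javascript" or "description". The `/admin/save` endpoint, IPs and log lines are made up; standard access logs do not record POST bodies, so run it over application or WAF logs that do when the payload travels in the body.

```python
import re
from urllib.parse import unquote

# Combined-log-format line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic payload markers typical of stored-XSS submissions; tighter than
# the bare "*script*" wildcard, which also hits "javascript" or "description".
XSS_MARKERS = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("event-handler", re.compile(r"\bon[a-z]{2,}\s*=", re.I)),
]

# Constructed sample lines (hypothetical /admin/save endpoint, documentation IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0900] "POST /admin/save?body=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2025:10:00:02 +0900] "POST /admin/save?body=%253Cscript%253Esrc%253D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:10:00:03 +0900] "POST /admin/save?body=hello+world HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:10:00:04 +0900] "POST /admin/save?body=javascript+description HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

def decode_url(url: str, rounds: int = 2) -> str:
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def find_xss_submissions(log_text: str) -> list:
    """Return (ip, raw_url, marker) for each POST whose URL carries an XSS marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        url = decode_url(m.group("url"))
        for name, pattern in XSS_MARKERS:
            if pattern.search(url):
                hits.append((m.group("ip"), m.group("url"), name))
                break  # one marker per line is enough for triage
    return hits

if __name__ == "__main__":
    for ip, url, marker in find_xss_submissions(SAMPLE_LOG):
        print(f"{marker}: {ip} {url}")
```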