2195 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/960grid process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/ace process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/dialogs process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/tree process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/rowmanager process. An attacker can execute arbitrary scripts in the context of a user's browser by submitti...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/richtexteditor process. An attacker can execute arbitrary JavaScript code in the context of another user by...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in /apprain/developer/addons/update/tablesorter. An attacker can execute arbitrary scripts in the context of a user's browser by submitting crafted...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the dataAddonlayouts and dataAddonlayoutsexcept parameters within the /apprain/developer/addons/update/uploadify process. An attacker can execute arbitrary JavaScript cod...
CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...
CVE-2025-41060 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...
CVE-2025-41060
CVE-2025-41060 (appRain CMF 4.0.5) : A stored authenticated XSS flaw exists due to insufficient validation of input on the /apprain/developer/addons/update/tree endpoint. The attackable data fields are the parameters data[Addon][layouts] and data[Addon][layouts_except], which can store and execut...
CVE-2025-41059 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tablesorter...
CVE-2025-41059
appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the endpoint /apprain/developer/addons/update/tablesorter, exploitable via the parameters data[Addon][layouts] and data[Addon][layouts_except]. The issue stems from improper validation of user input in this API path, allowing ...
CVE-2025-41058 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...
CVE-2025-41058 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...
CVE-2025-41058
appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/row_manager endpoint. The issue arises from improper validation of user input in the parameters data[Addon][layouts] and data[Addon][layouts_except], enabling an attacker to inject sc...
CVE-2025-41057 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/richtexteditor...
CVE-2025-41056 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/hysontable...
CVE-2025-41056
CVE-2025-41056 concerns appRain CMF v4.0.5, where a stored authenticated XSS flaw arises from insufficient validation of user input via the parameters data[Addon][layouts] and data[Addon][layouts_except] on the /apprain/developer/addons/update/hysontable endpoint. Public sources describe the vuln...
CVE-2025-41055 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...