2195 matches found
CVE-2025-41055
Affected product : appRain CMF 4.0.5. Vulnerability : stored authenticated cross-site scripting in /apprain/developer/addons/update/dialogs via data[Addon][layouts] and data[Addon][layouts_except]. Root cause : insufficient input validation allowing injection of script. Impact : could enable exec...
CVE-2025-41054 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/cycle...
CVE-2025-41054 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/cycle...
CVE-2025-41054
CVE-2025-41054 affects appRain CMF 4.0.5. It’s a stored authenticated XSS in /apprain/developer/addons/update/cycle via data[Addon][layouts] and data[Addon][layouts_except]. Reported exploitation status is not provided; CVSS indicates NETWORK, LOW attack complexity, and user interaction is REQUIR...
CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...
CVE-2025-41053
appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability due to improper validation of user input. The issue is triggered via the data[Addon][layouts] and data[Addon][layouts_except] parameters in the API endpoint /apprain/developer/addons/update/commonresource. Connected sources...
CVE-2025-41052
CVE-2025-41052 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to insufficient validation of user input in the /apprain/developer/addons/update/canvasjs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. Consequences described include cookie-based crede...
CVE-2025-41051 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
CVE-2025-41049 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...
CVE-2025-41049 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...
CVE-2025-41048 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...
CVE-2025-41048 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...
CVE-2025-41048
CVE-2025-41048 affects appRain CMF v4.0.5. A stored authenticated XSS exists due to insufficient validation of input in the parameters data[Addon][layouts] and data[Addon][layouts_except] at /apprain/developer/addons/update/admin. Reported details consistently identify the vulnerability as stored...
CVE-2025-41047
CVE-2025-41047 affects appRain CMF 4.0.5 and is a stored authenticated XSS caused by insufficient validation of input in the /apprain/developer/addons/update/ace endpoint, specifically data[Addon][layouts] and data[Addon][layouts_except]. Multiple connected records corroborate the vulnerability a...
CVE-2025-41046 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/960grid...
CVE-2025-41046
CVE-2025-41046 : Multiple sources confirm a stored authenticated XSS in appRain CMF 4.0.5 via improper validation on input data[Addon][layouts] and data[Addon][layouts_except] at /apprain/developer/addons/update/960grid. Impact described across CNVD/NVD/RH/SNYK variants includes potential cookie-...
PT-2025-35923
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
PT-2025-35921
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
PT-2025-35917
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
WordPress Events Addon for Elementor plugin cross-site scripting vulnerability
WordPress Events Addon for Elementor plugin is a plugin designed for Elementor page builder, mainly for creating event websites. The WordPress Events Addon for Elementor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...