CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7275 matches found

Positive Technologies•added 2025/09/05 12:0 a.m.•2 views

PT-2025-36126

Name of the Vulnerable Software and Affected Versions: VW THEMES Ibtana – Ecommerce Product Addons versions through 0.4.7.4 Description: The software contains a DOM-Based Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update VW...

6.5CVSS5.8AI score0.0019EPSS

Exploits0References3

OSV•added 2025/09/04 12:15 p.m.•3 views

CVE-2025-41062

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons...

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1

OSV•added 2025/09/04 12:15 p.m.•2 views

CVE-2025-41059

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tablesorter...

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1

NVD•added 2025/09/04 12:15 p.m.•3 views

CVE-2025-41062

5.4CVSS0.00162EPSS

Exploits0References1

OSV•added 2025/09/04 12:15 p.m.•3 views

CVE-2025-41057

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1

NVD•added 2025/09/04 12:15 p.m.•6 views

CVE-2025-41053

5.4CVSS0.00162EPSS

Exploits0References1

OSV•added 2025/09/04 12:15 p.m.•2 views

CVE-2025-41050

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1

Snyk•added 2025/09/04 11:45 a.m.•4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the dataAddonlayouts and dataAddonlayoutsexcept parameters within the /apprain/developer/addons/update/cycle process. An attacker can execute arbitrary scripts in the...

5.4CVSS5.5AI score0.00162EPSS

Exploits0References2

Snyk•added 2025/09/04 11:45 a.m.•6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/hysontable process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...

5.4CVSS5.5AI score0.00162EPSS

Exploits0References2

Snyk•added 2025/09/04 11:45 a.m.•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the page parameter in /apprain/developer/addons. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or XSS ...

5.4CVSS5.5AI score0.00162EPSS

Exploits0References2

Vulnrichment•added 2025/09/04 11:13 a.m.•3 views

CVE-2025-41055 Stored Cross-Site Scripting vulnerability in appRain CMF

5.1CVSS5.7AI score0.00162EPSS

Exploits0References1

CVE•added 2025/09/04 11:13 a.m.•10 views

CVE-2025-41054

CVE-2025-41054 affects appRain CMF 4.0.5. It’s a stored authenticated XSS in /apprain/developer/addons/update/cycle via data[Addon][layouts] and data[Addon][layouts_except]. Reported exploitation status is not provided; CVSS indicates NETWORK, LOW attack complexity, and user interaction is REQUIR...

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/09/04 11:13 a.m.•3 views

CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF

5.1CVSS5.7AI score0.00162EPSS

Exploits0References1

Cvelist•added 2025/09/04 11:12 a.m.•7 views

CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF

5.1CVSS0.00162EPSS

Exploits0References1

CVE•added 2025/09/04 11:12 a.m.•12 views

CVE-2025-41050

appRain CMF 4.0.5 is affected by a stored authenticated XSS in the /apprain/developer/addons/update/base_libs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. CNVD, RH, NVD, and CVE records agree on the affected version and parameters. The vulnerability could enable a...

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1Affected Software1

CVE•added 2025/09/04 11:12 a.m.•10 views

CVE-2025-41049

appRain CMF 4.0.5 has a stored authenticated XSS in /apprain/developer/addons/update/appform via data[Addon][layouts] and data[Addon][layouts_except]. Multiple sources (CNVD, Red Hat, CVE/NVD, CVE List, Snyk, vuln enrichment) confirm the vulnerability and general impact (cookie-theft risk) withou...

5.4CVSS5.7AI score0.00162EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/09/04 11:12 a.m.•5 views

CVE-2025-41047 Stored Cross-Site Scripting vulnerability in appRain CMF

5.1CVSS0.00162EPSS

Exploits0References1

Positive Technologies•added 2025/09/04 12:0 a.m.•4 views

PT-2025-35922

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS

Exploits0References4

Positive Technologies•added 2025/09/04 12:0 a.m.•5 views

PT-2025-35929

5.4CVSS5.3AI score0.00162EPSS

Exploits0References4

CNNVD•added 2025/09/04 12:0 a.m.•3 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input on the /apprain/developer/addons/update/960grid endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...

5.4CVSS6.2AI score0.00162EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by