Lucene search
+L

286 matches found

Cvelist
Cvelist
added 2025/09/04 11:10 a.m.10 views

CVE-2025-41040 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

5.1CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:9 a.m.13 views

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

5.1CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:9 a.m.4 views

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:9 a.m.12 views

CVE-2025-41038

CVE-2025-41038 concerns appRain CMF v4.0.5, where a stored authenticated XSS flaw exists due to insufficient validation of input in the endpoint /apprain/admin/managegroup/add/ (parameter: data[Group][name]). The issue, documented across multiple sources, allows injected scripts to be stored and ...

5.4CVSS5.7AI score0.00197EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/04 11:9 a.m.2 views

CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...

5.1CVSS5.7AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:9 a.m.8 views

CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...

5.1CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:9 a.m.13 views

CVE-2025-41037

Summary (CVE-2025-41037, appRain CMF): A stored authenticated XSS exists in appRain CMF version 4.0.5 due to insufficient validation of input in the parameter data[FileManager][search] at /apprain/admin/filemanager. The vulnerability stems from improper validation of user input, enabling injectio...

5.4CVSS5.7AI score0.00197EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/04 11:9 a.m.3 views

CVE-2025-41036 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...

5.1CVSS5.7AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:7 a.m.14 views

CVE-2025-41035 Path Traversal vulnerability in appRain CMF

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

7.1CVSS0.00608EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:7 a.m.5 views

CVE-2025-41035 Path Traversal vulnerability in appRain CMF

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

7.1CVSS6.5AI score0.00608EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:6 a.m.18 views

CVE-2025-41033 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

8.7CVSS0.00353EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:6 a.m.15 views

CVE-2025-41033

CVE-2025-41033 — AppRain CMF 4.0.5 is affected by an SQL injection in the /apprain/page/manage-dynamic-pages/create endpoint. The vulnerability stems from improper validation of the data[Page][name] parameter, allowing an attacker to retrieve, create, update, and delete records in the database. M...

9.8CVSS7.4AI score0.00353EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/04 11:6 a.m.9 views

CVE-2025-41032 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...

8.7CVSS0.00353EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:6 a.m.13 views

CVE-2025-41032

The CVE-2025-41032 entry concerns appRain CMF 4.0.5 with an SQL injection vulnerability in the parameter data[Admin][username] of the /apprain/admin/manage/add/ endpoint. Reported to allow an attacker to retrieve, create, update, and delete data in the back-end database. The vulnerability is desc...

9.8CVSS7.4AI score0.00353EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.9 views

PT-2025-35929

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.6 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input by the /apprain/developer/addons/update/ace endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.8 views

PT-2025-35928

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.4AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.6 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35931

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.4AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.6 views

appRain CMF SQL注入漏洞

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...

9.8CVSS7.7AI score0.00353EPSS
Exploits0References1
Rows per page
Query Builder