286 matches found
CVE-2025-41040 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-41038
CVE-2025-41038 concerns appRain CMF v4.0.5, where a stored authenticated XSS flaw exists due to insufficient validation of input in the endpoint /apprain/admin/managegroup/add/ (parameter: data[Group][name]). The issue, documented across multiple sources, allows injected scripts to be stored and ...
CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...
CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...
CVE-2025-41037
Summary (CVE-2025-41037, appRain CMF): A stored authenticated XSS exists in appRain CMF version 4.0.5 due to insufficient validation of input in the parameter data[FileManager][search] at /apprain/admin/filemanager. The vulnerability stems from improper validation of user input, enabling injectio...
CVE-2025-41036 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
CVE-2025-41035 Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41035 Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41033 SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
CVE-2025-41033
CVE-2025-41033 — AppRain CMF 4.0.5 is affected by an SQL injection in the /apprain/page/manage-dynamic-pages/create endpoint. The vulnerability stems from improper validation of the data[Page][name] parameter, allowing an attacker to retrieve, create, update, and delete records in the database. M...
CVE-2025-41032 SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...
CVE-2025-41032
The CVE-2025-41032 entry concerns appRain CMF 4.0.5 with an SQL injection vulnerability in the parameter data[Admin][username] of the /apprain/admin/manage/add/ endpoint. Reported to allow an attacker to retrieve, create, update, and delete data in the back-end database. The vulnerability is desc...
PT-2025-35929
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input by the /apprain/developer/addons/update/ace endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...
PT-2025-35928
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
PT-2025-35931
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
appRain CMF SQL注入漏洞
appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...