10 matches found
appRain CMF Cross-Site Scripting Vulnerability
appRain CMF is a content management framework from appRain Canada. The appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input on the /apprain/admin/account/edit endpoint. An attacker could use the vulnerability to steal the victim...
CVE-2025-41036
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
CVE-2025-41036
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataAdmindescription, dataAdminfname, and dataAdminlname parameters in the /apprain/admin/account/edit process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
CVE-2025-41036 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
CVE-2025-41036 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
PT-2025-35907
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAdmindescription, dataAdminfname, and...
appRain CMF Cross-Site Scripting Vulnerability
appRain CMF is a content management framework from appRain Canada. The appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input on the /apprain/admin/account/edit endpoint. An attacker could use the vulnerability to steal the victim...
CVE-2024-8490
The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'saveaccountdetails' function. This makes it possible for unauthenticated attackers to edit the name, email...
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert Grądek PL Software Link: download link if available Tested on: HP-E2620...