Lucene search
K

23 matches found

CVE
CVE
added 2025/12/10 9:12 p.m.24 views

CVE-2024-58279

CVE-2024-58279 affects appRain CMF 4.0.5. An authenticated administrator can upload a crafted PHP file via the filemanager/upload endpoint, leading to remote code execution and the potential formation of a web shell with command execution in the uploads directory. Multiple connected sources corro...

8.8CVSS7.8AI score0.00821EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26713

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26720

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-26716

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26717

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00162EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/08 12:0 a.m.4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21112)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input by the /apprain/developer/addons/update/ace endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/08 12:0 a.m.2 views

appRain CMF Cross-Site Scripting Vulnerability (CNVD-2025-20910)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/config/electrical endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.6 views

CVE-2025-41043

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAppReportCodeid' and 'dataAppReportCodename' parameters in /apprain/appreport/manage/...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.6 views

CVE-2025-41055

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.12 views

CVE-2025-41061

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.7 views

CVE-2025-41059

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tablesorter...

5.4CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.5 views

CVE-2025-41056

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/hysontable...

5.4CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:15 p.m.3 views

CVE-2025-41046

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/960grid...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:15 p.m.4 views

CVE-2025-41040

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 11:15 a.m.5 views

CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

5.1CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:14 a.m.5 views

CVE-2025-41056 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/hysontable...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:11 a.m.12 views

CVE-2025-41044

CVE-2025-41044 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint, specifically through the data[Page][name] parameter. Public sources consistently describe the vulnerability as cross-site ...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/04 11:10 a.m.14 views

CVE-2025-41040

CVE-2025-41040 : appRain CMF 4.0.5 contains a stored authenticated XSS in /apprain/developer/language/lipsum.xml via unsanitized data[code], data[lang][0][key/value], data[lang][1][key], and data[title]. Root cause: improper validation of user input. Impact: cookie-based credential theft potentia...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/04 11:9 a.m.4 views

CVE-2025-41036 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...

5.1CVSS0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.5 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/debug-log/db endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder