CVE-2025-41050
appRain CMF 4.0.5 is affected by a stored authenticated XSS in the /apprain/developer/addons/update/base_libs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. CNVD, RH, NVD, and CVE records agree on the affected version and parameters. The vulnerability could enable a...