361 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the dataAdminusername parameter in the /apprain/admin/manage/add/ path. An attacker can access, modify, or delete database records by injecting crafted input. Remediation There is no fixed version for apprain/apprain...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-static-pages/create/ path. An attacker can retrieve, create, update, or delete database records by injecting crafted input. Remediation There is no fixed version f...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-dynamic-pages/create path. An attacker can retrieve, create, update, or delete database records by injecting malicious SQL statements. Remediation There is no fixe...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the datasconfigethicallicensekey parameter in the /apprain/admin/config/ethical process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataFileManagersearch parameter in the /apprain/admin/filemanager process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the page parameter in /apprain/developer/addons. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or XSS ...
CVE-2025-41063 Reflected Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...
CVE-2025-41063 Reflected Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...
CVE-2025-41063
Summary (CVE-2025-41063) : appRain CMF v4.0.5 contains an authenticated reflected XSS vulnerability in the /apprain/developer/debug-log/db endpoint, triggered by insufficient validation of the query parameter “s.” This is documented across multiple sources (CNVD, NVD, Red Hat, CVE list, and other...
CVE-2025-41062 Reflected Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons...
CVE-2025-41062
appRain CMF 4.0.5 is affected by an authenticated reflected XSS via the page parameter in /apprain/developer/addons, caused by insufficient input validation. Impact is described as client-side script execution within the user’s browser; no fixed version is documented in the provided sources. Miti...
CVE-2025-41032
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...
CVE-2025-41032
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...
CVE-2025-41034
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...
CVE-2025-41034
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
CVE-2025-41035
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
CVE-2025-41035
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...