Lucene search
+L

361 matches found

Snyk
Snyk
added 2025/09/04 11:46 a.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the dataAdminusername parameter in the /apprain/admin/manage/add/ path. An attacker can access, modify, or delete database records by injecting crafted input. Remediation There is no fixed version for apprain/apprain...

9.8CVSS7.9AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/04 11:46 a.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-static-pages/create/ path. An attacker can retrieve, create, update, or delete database records by injecting crafted input. Remediation There is no fixed version f...

9.8CVSS7.9AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/04 11:46 a.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-dynamic-pages/create path. An attacker can retrieve, create, update, or delete database records by injecting malicious SQL statements. Remediation There is no fixe...

9.8CVSS7.9AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/04 11:46 a.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the datasconfigethicallicensekey parameter in the /apprain/admin/config/ethical process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that ...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/04 11:45 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataFileManagersearch parameter in the /apprain/admin/filemanager process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/04 11:45 a.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the page parameter in /apprain/developer/addons. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or XSS ...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/04 11:16 a.m.12 views

CVE-2025-41063 Reflected Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

4.8CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:16 a.m.4 views

CVE-2025-41063 Reflected Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

4.8CVSS5.7AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:16 a.m.16 views

CVE-2025-41063

Summary (CVE-2025-41063) : appRain CMF v4.0.5 contains an authenticated reflected XSS vulnerability in the /apprain/developer/debug-log/db endpoint, triggered by insufficient validation of the query parameter “s.” This is documented across multiple sources (CNVD, NVD, Red Hat, CVE list, and other...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/04 11:16 a.m.11 views

CVE-2025-41062 Reflected Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons...

4.8CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:16 a.m.18 views

CVE-2025-41062

appRain CMF 4.0.5 is affected by an authenticated reflected XSS via the page parameter in /apprain/developer/addons, caused by insufficient input validation. Impact is described as client-side script execution within the user’s browser; no fixed version is documented in the provided sources. Miti...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/09/04 11:15 a.m.6 views

CVE-2025-41032

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...

9.8CVSS5.7AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 11:15 a.m.5 views

CVE-2025-41032

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...

9.8CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 11:15 a.m.6 views

CVE-2025-41034

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...

9.8CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 11:15 a.m.4 views

CVE-2025-41034

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...

9.8CVSS5.7AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 11:15 a.m.12 views

CVE-2025-41033

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

9.8CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 11:15 a.m.4 views

CVE-2025-41035

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

6.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2025/09/04 11:15 a.m.8 views

CVE-2025-41033

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

9.8CVSS5.7AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 11:15 a.m.8 views

CVE-2025-41035

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

7.1CVSS0.00608EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 11:15 a.m.4 views

CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder