361 matches found
appRain CMF cross-site scripting vulnerability (CNVD-2025-21117)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/canvasjs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21115)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21112)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input by the /apprain/developer/addons/update/ace endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21122)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/richtexteditor endpoint. An attacker could use the vulnerability to steal the victim's cookie-based...
appRain CMF path traversal vulnerability
appRain CMF is a content management framework. A path traversal vulnerability exists in appRain CMF, which stems from the incorrect handling of base64 path parameters, and can be exploited by an attacker to download an arbitrary file on the system via a constructed URL request...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21126)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/uploadify endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21128)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/debug-log/db endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials...
appRain CMF SQL Injection Vulnerability (CNVD-2025-21108)
appRain CMF is a content management framework. appRain CMF suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BAdmin%5D%5Busername%5D parameter of /apprain/admin/manage/add. An attacker could use this vulnerability t...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21131)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input in the /apprain/information/manage/emailtemplate/add endpoint. An attacker could use this vulnerability to steal the victim's cookie-base...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21125)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/tree endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21123)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/rowmanager endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21129)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/language/default.xml endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF Cross-Site Scripting Vulnerability (CNVD-2025-20910)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/config/electrical endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21120)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/dialogs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21121)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/hysontable endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...
appRain CMF SQL Injection Vulnerability (CNVD-2025-21132)
appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-dynamic-pages/create. An attacker could use this...
CVE-2025-41058
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...
CVE-2025-41036
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
CVE-2025-41054
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/cycle...
CVE-2025-41045
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigethicallicensekey' parameter in /apprain/admin/config/ethical...