Lucene search
K

361 matches found

cnvd
cnvd
added 2025/09/08 12:0 a.m.4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21117)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/canvasjs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21115)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.5 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21112)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input by the /apprain/developer/addons/update/ace endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21122)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/richtexteditor endpoint. An attacker could use the vulnerability to steal the victim's cookie-based...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.3 views

appRain CMF path traversal vulnerability

appRain CMF is a content management framework. A path traversal vulnerability exists in appRain CMF, which stems from the incorrect handling of base64 path parameters, and can be exploited by an attacker to download an arbitrary file on the system via a constructed URL request...

7.1CVSS6.9AI score0.00608EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21126)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/uploadify endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21128)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/debug-log/db endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.4 views

appRain CMF SQL Injection Vulnerability (CNVD-2025-21108)

appRain CMF is a content management framework. appRain CMF suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BAdmin%5D%5Busername%5D parameter of /apprain/admin/manage/add. An attacker could use this vulnerability t...

9.8CVSS7.5AI score0.00353EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21131)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input in the /apprain/information/manage/emailtemplate/add endpoint. An attacker could use this vulnerability to steal the victim's cookie-base...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.4 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21125)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/tree endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.5 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21123)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/rowmanager endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21129)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/language/default.xml endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.3 views

appRain CMF Cross-Site Scripting Vulnerability (CNVD-2025-20910)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/config/electrical endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21120)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/dialogs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.5 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21121)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/hysontable endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
added 2025/09/08 12:0 a.m.36 views

appRain CMF SQL Injection Vulnerability (CNVD-2025-21132)

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-dynamic-pages/create. An attacker could use this...

9.8CVSS7.9AI score0.00353EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/06 11:25 a.m.8 views

CVE-2025-41058

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/06 11:25 a.m.6 views

CVE-2025-41036

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...

5.4CVSS6.1AI score0.00197EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/06 11:25 a.m.5 views

CVE-2025-41054

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/cycle...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/06 11:25 a.m.9 views

CVE-2025-41045

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigethicallicensekey' parameter in /apprain/admin/config/ethical...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder