Lucene search
+L

286 matches found

cve
cve
added 2025/09/04 11:15 a.m.17 views

CVE-2025-41061

appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/uploadify endpoint, caused by insufficient validation of user input in data[Addon][layouts] and data[Addon][layouts_except]. Public descriptions from CNVD/CNNVD and SNYK corroborate that th...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cve
cve
added 2025/09/04 11:14 a.m.15 views

CVE-2025-41058

appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/row_manager endpoint. The issue arises from improper validation of user input in the parameters data[Addon][layouts] and data[Addon][layouts_except], enabling an attacker to inject sc...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/04 11:14 a.m.11 views

CVE-2025-41058 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...

5.1CVSS0.00162EPSS
Exploits0References1
cve
cve
added 2025/09/04 11:14 a.m.18 views

CVE-2025-41057

CVE-2025-41057 (appRain CMF 4.0.5) : A stored authenticated XSS vulnerability exists due to insufficient validation of user input in the API endpoint /apprain/developer/addons/update/rich_text_editor, specifically via the data[Addon][layouts] and data[Addon][layouts_except] parameters. This could...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/04 11:14 a.m.10 views

CVE-2025-41057 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/richtexteditor...

5.1CVSS0.00162EPSS
Exploits0References1
cve
cve
added 2025/09/04 11:13 a.m.15 views

CVE-2025-41055

Affected product : appRain CMF 4.0.5. Vulnerability : stored authenticated cross-site scripting in /apprain/developer/addons/update/dialogs via data[Addon][layouts] and data[Addon][layouts_except]. Root cause : insufficient input validation allowing injection of script. Impact : could enable exec...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/04 11:13 a.m.10 views

CVE-2025-41055 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...

5.1CVSS0.00162EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/04 11:13 a.m.19 views

CVE-2025-41054 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/cycle...

5.1CVSS0.00162EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/04 11:13 a.m.3 views

CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
cve
cve
added 2025/09/04 11:13 a.m.16 views

CVE-2025-41053

appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability due to improper validation of user input. The issue is triggered via the data[Addon][layouts] and data[Addon][layouts_except] parameters in the API endpoint /apprain/developer/addons/update/commonresource. Connected sources...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/04 11:13 a.m.11 views

CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...

5.1CVSS0.00162EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/04 11:13 a.m.4 views

CVE-2025-41052 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
cve
cve
added 2025/09/04 11:13 a.m.17 views

CVE-2025-41052

CVE-2025-41052 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to insufficient validation of user input in the /apprain/developer/addons/update/canvasjs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. Consequences described include cookie-based crede...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/04 11:13 a.m.12 views

CVE-2025-41052 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...

5.1CVSS0.00162EPSS
Exploits0References1
cve
cve
added 2025/09/04 11:13 a.m.14 views

CVE-2025-41051

CVE-2025-41051 affects appRain CMF v4.0.5 and is a stored authenticated XSS vulnerability on the endpoint /apprain/developer/addons/update/bootstrap, triggered by improper validation of input in data[Addon][layouts] and data[Addon][layouts_except]. Several connected sources describe an XSS that c...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/09/04 11:13 a.m.11 views

CVE-2025-41051 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...

5.1CVSS0.00162EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/04 11:12 a.m.4 views

CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/04 11:12 a.m.13 views

CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...

5.1CVSS0.00162EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/09/04 11:12 a.m.4 views

CVE-2025-41049 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
cve
cve
added 2025/09/04 11:12 a.m.14 views

CVE-2025-41049

appRain CMF 4.0.5 has a stored authenticated XSS in /apprain/developer/addons/update/appform via data[Addon][layouts] and data[Addon][layouts_except]. Multiple sources (CNVD, Red Hat, CVE/NVD, CVE List, Snyk, vuln enrichment) confirm the vulnerability and general impact (cookie-theft risk) withou...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder