286 matches found
CVE-2025-41061
appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/uploadify endpoint, caused by insufficient validation of user input in data[Addon][layouts] and data[Addon][layouts_except]. Public descriptions from CNVD/CNNVD and SNYK corroborate that th...
CVE-2025-41058
appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/row_manager endpoint. The issue arises from improper validation of user input in the parameters data[Addon][layouts] and data[Addon][layouts_except], enabling an attacker to inject sc...
CVE-2025-41058 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...
CVE-2025-41057
CVE-2025-41057 (appRain CMF 4.0.5) : A stored authenticated XSS vulnerability exists due to insufficient validation of user input in the API endpoint /apprain/developer/addons/update/rich_text_editor, specifically via the data[Addon][layouts] and data[Addon][layouts_except] parameters. This could...
CVE-2025-41057 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/richtexteditor...
CVE-2025-41055
Affected product : appRain CMF 4.0.5. Vulnerability : stored authenticated cross-site scripting in /apprain/developer/addons/update/dialogs via data[Addon][layouts] and data[Addon][layouts_except]. Root cause : insufficient input validation allowing injection of script. Impact : could enable exec...
CVE-2025-41055 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...
CVE-2025-41054 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/cycle...
CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...
CVE-2025-41053
appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability due to improper validation of user input. The issue is triggered via the data[Addon][layouts] and data[Addon][layouts_except] parameters in the API endpoint /apprain/developer/addons/update/commonresource. Connected sources...
CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...
CVE-2025-41052 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...
CVE-2025-41052
CVE-2025-41052 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to insufficient validation of user input in the /apprain/developer/addons/update/canvasjs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. Consequences described include cookie-based crede...
CVE-2025-41052 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...
CVE-2025-41051
CVE-2025-41051 affects appRain CMF v4.0.5 and is a stored authenticated XSS vulnerability on the endpoint /apprain/developer/addons/update/bootstrap, triggered by improper validation of input in data[Addon][layouts] and data[Addon][layouts_except]. Several connected sources describe an XSS that c...
CVE-2025-41051 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...
CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...
CVE-2025-41049 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...
CVE-2025-41049
appRain CMF 4.0.5 has a stored authenticated XSS in /apprain/developer/addons/update/appform via data[Addon][layouts] and data[Addon][layouts_except]. Multiple sources (CNVD, Red Hat, CVE/NVD, CVE List, Snyk, vuln enrichment) confirm the vulnerability and general impact (cookie-theft risk) withou...