3 matches found
CVE-2025-41053
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...
CVE-2025-41053
appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability due to improper validation of user input. The issue is triggered via the data[Addon][layouts] and data[Addon][layouts_except] parameters in the API endpoint /apprain/developer/addons/update/commonresource. Connected sources...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/commonresource endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...