CVE-2025-41040

CVE-2025-41040 : appRain CMF 4.0.5 contains a stored authenticated XSS in /apprain/developer/language/lipsum.xml via unsanitized data[code], data[lang][0][key/value], data[lang][1][key], and data[title]. Root cause: improper validation of user input. Impact: cookie-based credential theft potentia...