Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataGroupname parameter in the /apprain/admin/managegroup/add/ process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is improperly...

PT-2025-35909

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataGroupname parameter in the...