3 matches found
CVE-2025-41042
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataOptionmessage', 'dataOptionsubject' and 'dataOptiontemplatetype' parameters in /apprain/information/manage/emailtemplate/ad...
CVE-2025-41042
appRain CMF 4.0.5 is affected by a stored authenticated XSS in /apprain/information/manage/emailtemplate/add due to insufficient validation of input in data[Option][message], data[Option][subject], and data[Option][templatetype]. Impact cited includes cookie-based credential theft; exploitation s...
PT-2025-35913
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is present in the /apprain/information/manage/emailtemplate/add...