appRain CMF cross-site scripting vulnerability (CNVD-2025-21121)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/hysontable endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

CVE-2025-41056

CVE-2025-41056 concerns appRain CMF v4.0.5, where a stored authenticated XSS flaw arises from insufficient validation of user input via the parameters data[Addon][layouts] and data[Addon][layouts_except] on the /apprain/developer/addons/update/hysontable endpoint. Public sources describe the vuln...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/hysontable endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...