CVE-2025-41040

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

CVE-2025-41040

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datacode, datalang0key, datalang0value, datalang1key, and datatitle parameters within the /apprain/developer/language/lipsum.xml process. An attacker can execute...

CVE-2025-41040 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework from appRain Canada. appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user input in the /apprain/developer/language/lipsum.xml endpoint. An attacker could use this vulnerability to steal the victim...

PT-2025-35911

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is present in the /apprain/developer/language/lipsum.xml endpoint...