appRain CMF cross-site scripting vulnerability (CNVD-2025-21130)

appRain CMF is a content management framework from appRain Canada. appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user input in the /apprain/developer/language/lipsum.xml endpoint. An attacker could use this vulnerability to steal the victim...

CVE-2025-41040

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

CVE-2025-41040

CVE-2025-41040 : appRain CMF 4.0.5 contains a stored authenticated XSS in /apprain/developer/language/lipsum.xml via unsanitized data[code], data[lang][0][key/value], data[lang][1][key], and data[title]. Root cause: improper validation of user input. Impact: cookie-based credential theft potentia...

CVE-2025-41040 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...