Lucene search
K

4 matches found

CNVD
CNVD
•added 2025/09/08 12:0 a.m.•2 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21109)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the apprain/admin/managegroup/add/ endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials...

5.4CVSS6.3AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/09/06 11:25 a.m.•5 views

CVE-2025-41038

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...

5.4CVSS6.1AI score0.00197EPSS
Exploits0References1
OSV
OSV
•added 2025/09/04 12:15 p.m.•2 views

CVE-2025-41038

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...

5.4CVSS5.7AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2025/09/04 12:0 a.m.•5 views

PT-2025-35909

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataGroupname parameter in the...

5.4CVSS5.3AI score0.00197EPSS
Exploits0References3
Rows per page
Query Builder