CVE-2025-41039

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

CVE-2025-41045

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigethicallicensekey' parameter in /apprain/admin/config/ethical...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datasconfigadminlandingpage, datasconfigcurrency, datasconfigdbversion, datasconfigdefaultpagination, datasconfigemailsetupfromemail, datasconfigemailsetuphost,...

Youtube Script id参数远程SQL注入漏洞

BUGTRAQ ID: 24734 Youtube Script是用PHP编写的用于播放在线视频的脚本。 Youtube Script在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞控制应用系统或导致敏感信息泄露。 Youtube Script的msg.php脚本中没有正确地验证对id参数的输入，允许远程攻击者通过在提交的数据中插入SQL代码在有漏洞的站点非授权操作数据库。 Devellion Limited Youtube script 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...