appRain CMF SQL Injection Vulnerability (CNVD-2025-21133)

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...

CVE-2025-41044

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...

CVE-2025-41034

Summary: CVE-2025-41034 concerns an SQL injection in appRain CMF 4.0.5. The vulnerability arises from lack of validation of the input in the parameter data[Page][name] used by the /apprain/page/manage-static-pages/create/ endpoint. Impact (as stated): an attacker can retrieve, create, update, and...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...