Lucene search
K

6 matches found

CNVD
CNVD
added 2025/09/08 12:0 a.m.3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21116)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/bootstrap endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:15 p.m.4 views

CVE-2025-41051

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.8 views

CVE-2025-41051

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...

5.4CVSS0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35922

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.3 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/bootstrap endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/04 4:46 a.m.37 views

CVE-2022-33294 NULL pointer dereference in Modem

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message...

7.5CVSS7.7AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder