Filtered by vendor Apprain
Subscriptions
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41042 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]' parameters in /apprain/information/manage/emailtemplate/add. | ||||
| CVE-2025-41041 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/default.xml. | ||||
| CVE-2025-41040 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/lipsum.xml. | ||||
| CVE-2025-41039 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_version]', 'data[sconfig][default_pagination]', 'data[sconfig][emailsetup_from_email]', 'data[sconfig][emailsetup_host]', 'data[sconfig][emailsetup_password]', 'data[sconfig][emailsetup_port]', 'data[sconfig][emailsetup_username]', 'data[sconfig][fileresource_id]', 'data[sconfig][large_image_height]', 'data[sconfig][large_image_width]' and 'data[sconfig][time_zone_padding]' parameters in /apprain/admin/config/opts. | ||||
| CVE-2025-41038 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/. | ||||
| CVE-2025-41032 | 1 Apprain | 1 Apprain | 2025-09-04 | 9.8 Critical |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/. | ||||
| CVE-2025-41033 | 1 Apprain | 1 Apprain | 2025-09-04 | 9.8 Critical |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create. | ||||
| CVE-2025-41034 | 1 Apprain | 1 Apprain | 2025-09-04 | 9.8 Critical |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/. | ||||
| CVE-2025-41035 | 1 Apprain | 1 Apprain | 2025-09-04 | 6.5 Medium |
| A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/. | ||||
| CVE-2025-41036 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in /apprain/admin/account/edit. | ||||
| CVE-2025-41037 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager. | ||||
| CVE-2025-41043 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/. | ||||
| CVE-2025-41044 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create. | ||||
| CVE-2025-41045 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical. | ||||
| CVE-2025-41046 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid. | ||||
| CVE-2025-41047 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace. | ||||
| CVE-2025-41048 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin. | ||||
| CVE-2025-41049 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform. | ||||
| CVE-2025-41050 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/base_libs. | ||||
| CVE-2025-41051 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/bootstrap. | ||||