Apprain

Apprain

37 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-41043

  • EPSS 0.03%
  • Published 04.09.2025 11:11:08
  • Last modified 04.09.2025 18:43:45

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/...

5.4

CVE-2025-41042

  • EPSS 0.03%
  • Published 04.09.2025 11:10:57
  • Last modified 04.09.2025 18:43:52

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]'...

5.4

CVE-2025-41041

  • EPSS 0.03%
  • Published 04.09.2025 11:10:38
  • Last modified 04.09.2025 18:44:02

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' ...

5.4

CVE-2025-41040

  • EPSS 0.03%
  • Published 04.09.2025 11:10:26
  • Last modified 04.09.2025 18:44:08

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' ...

5.4

CVE-2025-41039

  • EPSS 0.03%
  • Published 04.09.2025 11:09:58
  • Last modified 04.09.2025 18:44:19

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db...

5.4

CVE-2025-41038

  • EPSS 0.03%
  • Published 04.09.2025 11:09:46
  • Last modified 04.09.2025 18:44:27

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/.

5.4

CVE-2025-41037

  • EPSS 0.03%
  • Published 04.09.2025 11:09:32
  • Last modified 04.09.2025 18:44:34

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager.

5.4

CVE-2025-41036

  • EPSS 0.03%
  • Published 04.09.2025 11:09:16
  • Last modified 04.09.2025 18:44:41

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the  'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' para...

6.5

CVE-2025-41035

  • EPSS 0.04%
  • Published 04.09.2025 11:07:48
  • Last modified 04.09.2025 18:44:52

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permiss...

9.8

CVE-2025-41034

  • EPSS 0.04%
  • Published 04.09.2025 11:06:52
  • Last modified 04.09.2025 18:45:05

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/crea...