5.1
CVE-2025-41040 - Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/develope…
5.1
CVE-2025-41039 - Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_version]', 'data[sconfig][default_pagination]', …
5.1
CVE-2025-41038 - Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/.
5.1
CVE-2025-41037 - Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager.
5.1
CVE-2025-41036 - Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in /apprain/admin/account/edit.
7.1
CVE-2025-41035 - Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the …
8.7
CVE-2025-41034 - SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/.
8.7
CVE-2025-41033 - SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create.
8.7
CVE-2025-41032 - SQL injection vulnerability in appRain CMF
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/.
7.7
CVE-2024-34598 -
Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.