Filtered by vendor Apprain
Subscribe
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41054 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/cycle. | |||||
| CVE-2025-41052 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/canvasjs. | |||||
| CVE-2025-41053 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/commonresource. | |||||
| CVE-2025-41055 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/dialogs. | |||||
| CVE-2025-41056 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/hysontable. | |||||
| CVE-2025-41057 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/rich_text_editor. | |||||
| CVE-2025-41058 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/row_manager. | |||||
| CVE-2025-41059 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tablesorter. | |||||
| CVE-2025-41060 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tree. | |||||
| CVE-2025-41061 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/uploadify. | |||||
| CVE-2025-41062 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons. | |||||
| CVE-2025-41063 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db. | |||||
| CVE-2011-3704 | 1 Apprain | 1 Apprain | 2025-04-11 | 5.0 MEDIUM | N/A |
| appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php. | |||||
| CVE-2011-5228 | 1 Apprain | 1 Apprain | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter. | |||||
| CVE-2012-1153 | 1 Apprain | 1 Apprain | 2025-04-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||
| CVE-2011-5229 | 1 Apprain | 1 Apprain | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | |||||
| CVE-2013-6058 | 1 Apprain | 1 Apprain | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | |||||