Unrated severityNVD Advisory· Published Sep 4, 2025· Updated Sep 4, 2025
Stored Cross-Site Scripting vulnerability in appRain CMF
CVE-2025-41036
Description
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in /apprain/admin/account/edit.
Affected products
2- appRain/appRain CMFv5Range: 4.0.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.