Unrated severityNVD Advisory· Published Sep 4, 2025· Updated Sep 4, 2025
Stored Cross-Site Scripting vulnerability in appRain CMF
CVE-2025-41048
Description
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin.
Affected products
2- appRain/appRain CMFv5Range: 4.0.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.