VYPR

Apprain

by Apprain

Source repositories

CVEs (38)

  • CVE-2025-41048Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin…

  • CVE-2025-41047Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace.

  • CVE-2025-41046Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960gr…

  • CVE-2025-41045Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical.

  • CVE-2025-41044Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create.

  • CVE-2025-41043Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/.

  • CVE-2025-41042Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]' parameters in…

  • CVE-2025-41041Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters…

  • CVE-2025-41040Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters…

  • CVE-2025-41039Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_version]',…

  • CVE-2025-41038Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/.

  • CVE-2025-41037Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager.

  • CVE-2025-41036Sep 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the  'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in…

  • CVE-2025-41035Sep 4, 2025
    risk 0.00cvss epss 0.01

    A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document…

  • CVE-2025-41034Sep 4, 2025
    risk 0.00cvss epss 0.00

    An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/.

  • CVE-2025-41033Sep 4, 2025
    risk 0.00cvss epss 0.00

    An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create.

  • CVE-2025-41032Sep 4, 2025
    risk 0.00cvss epss 0.00

    An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/.

  • CVE-2011-3704Sep 23, 2011
    risk 0.00cvss epss 0.01

    appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php.

Page 2 of 2