Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-41043: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF

Medium
VulnerabilityCVE-2025-41043cvecve-2025-41043cwe-79
Published: Thu Sep 04 2025 (09/04/2025, 11:11:08 UTC)
Source: CVE Database V5
Vendor/Project: appRain
Product: appRain CMF

Description

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/.

Technical Details

Data Version
5.1
Assigner Short Name
INCIBE
Date Reserved
2025-04-16T09:09:29.025Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68b975cec185832b7711f5f4

Added to database: 9/4/2025, 11:19:42 AM

Last updated: 9/4/2025, 11:19:42 AM

Views: 1

Related Threats

CVE-2025-41063: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF

Medium
VulnerabilityThu Sep 04 2025

CVE-2025-41062: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF

Medium
VulnerabilityThu Sep 04 2025

CVE-2025-41061: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF

Medium
VulnerabilityThu Sep 04 2025

CVE-2025-41060: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF

Medium
VulnerabilityThu Sep 04 2025

CVE-2025-41059: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF

Medium
VulnerabilityThu Sep 04 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats