CVE-2025-41047: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace.
CVE-2025-41047: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
Description
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- INCIBE
- Date Reserved
- 2025-04-16T09:09:31.880Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68b975cec185832b7711f60a
Added to database: 9/4/2025, 11:19:42 AM
Last updated: 9/4/2025, 11:19:42 AM
Views: 1
Related Threats
CVE-2025-41063: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
MediumCVE-2025-41062: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
MediumCVE-2025-41061: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
MediumCVE-2025-41060: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
MediumCVE-2025-41059: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in appRain appRain CMF
MediumActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.