PT-2025-35908 · Unknown · Apprain Cmf

Rafael Pedrero

Published

2025-09-04

Updated

2025-09-04

CVE-2025-41037

Report an issue

CVSS v3.1

5.4

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

appRain CMF version 4.0.5

Description:

A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user input. The vulnerability is located in the `data[FileManager][search]` parameter within the `/apprain/admin/filemanager` API endpoint.

Recommendations:

Apply input validation and sanitization to the `data[FileManager][search]` parameter in the `/apprain/admin/filemanager` API endpoint.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-41037

Affected Products

Apprain Cmf

PT-2025-35908 · Unknown · Apprain Cmf

Weakness Enumeration

Related Identifiers

Affected Products

References · 3