PT-2025-35918 · Unknown · Apprain Cmf

Rafael Pedrero

·

Published

2025-09-04

·

Updated

2025-09-04

·

CVE-2025-41047

Report an issue
CVSS v3.1
5.4
VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

appRain CMF version 4.0.5

Description:

A stored authenticated Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the `data[Addon][layouts]` and `data[Addon][layouts except]` parameters in the `/apprain/developer/addons/update/ace` API endpoint.

Recommendations:

Ensure proper validation and sanitization of user input for the `data[Addon][layouts]` and `data[Addon][layouts except]` parameters.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-41047

Affected Products

Apprain Cmf