PT-2025-35919 · Unknown · Apprain Cmf

Rafael Pedrero

Published

2025-09-04

Updated

2025-09-04

CVE-2025-41048

Report an issue

CVSS v3.1

5.4

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

appRain CMF version 4.0.5

Description:

A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the `data[Addon][layouts]` and `data[Addon][layouts except]` parameters in the `/apprain/developer/addons/update/admin` API endpoint.

Recommendations:

Apply input validation and sanitization to the `data[Addon][layouts]` and `data[Addon][layouts except]` parameters in the `/apprain/developer/addons/update/admin` API endpoint.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-41048

Affected Products

Apprain Cmf

PT-2025-35919 · Unknown · Apprain Cmf

Weakness Enumeration

Related Identifiers

Affected Products

References · 4