Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41049 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform. | |||||
| CVE-2025-41050 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/base_libs. | |||||
| CVE-2025-41051 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/bootstrap. | |||||
| CVE-2025-57425 | 1 Remyandrade | 1 Faq Management System | 2025-09-04 | N/A | 6.1 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint. | |||||
| CVE-2025-9652 | 1 Portabilis | 1 I-educar | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9653 | 1 Portabilis | 1 I-educar | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-41054 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/cycle. | |||||
| CVE-2025-9939 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9940 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-41052 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/canvasjs. | |||||
| CVE-2025-41053 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/commonresource. | |||||
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | N/A | 8.8 HIGH |
| phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | |||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | N/A | 7.2 HIGH |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. | |||||
| CVE-2025-41055 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/dialogs. | |||||
| CVE-2025-41056 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/hysontable. | |||||
| CVE-2025-41057 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/rich_text_editor. | |||||
| CVE-2025-41058 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/row_manager. | |||||
| CVE-2025-41059 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tablesorter. | |||||
| CVE-2025-41060 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tree. | |||||
| CVE-2025-41061 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/uploadify. | |||||