Security Advisory

CVE-2025-41040

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-04 11:10:26
Last updated 2025-09-04 20:09:57
Assigner INCIBE
State PUBLISHED

Description

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the data[code], data[lang][0][key], data[lang][0][value], data[lang][1][key] and data[title] parameters in /apprain/developer/language/lipsum.xml.