CVE-2025-41038

Publication date

2025-09-04 11:09:46

Family

INCIBE

State

PUBLISHED

Description

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the data[Group][name] parameter in /apprain/admin/managegroup/add/.