CVE-2025-41039

Publication date

2025-09-04 11:09:58

Family

INCIBE

State

PUBLISHED

Description

A vulnerability has been discovered in appRain CMF version 4.0.5: an authenticated stored XSS caused by a lack of proper validation of user input. It can be reached through the following parameters in /apprain/admin/config/opts: data[sconfig][admin_landing_page], data[sconfig][currency], data[sconfig][db_version], data[sconfig][default_pagination], data[sconfig][emailsetup_from_email], data[sconfig][emailsetup_host], data[sconfig][emailsetup_password], data[sconfig][emailsetup_port], data[sconfig][emailsetup_username], data[sconfig][fileresource_id], data[sconfig][large_image_height], data[sconfig][large_image_width] and data[sconfig][time_zone_padding].