汇总 apprain 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本、SQL 注入与路径处理缺陷 相关,可能在 软件部署与生产负载 场景中带来 会话劫持与数据泄露 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-58279 | appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory. | [email protected] | 8.6 | 0.61% | 2025-12-10 | 2025-12-19 |
| CVE-2025-41063 | A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db. | [email protected] | 4.8 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41062 | A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons. | [email protected] | 4.8 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41061 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/uploadify. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41060 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tree. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41059 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tablesorter. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41058 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/row_manager. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41057 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/rich_text_editor. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41056 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/hysontable. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41055 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/dialogs. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41054 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/cycle. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41053 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/commonresource. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41052 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/canvasjs. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41051 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/bootstrap. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41050 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/base_libs. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41049 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41048 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41047 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41046 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |
| CVE-2025-41045 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical. | [email protected] | 5.1 | 0.02% | 2025-09-04 | 2025-09-04 |