ReportizFlow
Filtered by vendor
Subscriptions
Total
38395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41037 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager. | ||||
| CVE-2025-41043 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/. | ||||
| CVE-2025-41044 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create. | ||||
| CVE-2025-41045 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical. | ||||
| CVE-2025-41046 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid. | ||||
| CVE-2025-41047 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace. | ||||
| CVE-2025-41048 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin. | ||||
| CVE-2025-41049 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform. | ||||
| CVE-2025-41050 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/base_libs. | ||||
| CVE-2025-41051 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/bootstrap. | ||||
| CVE-2025-57425 | 2 Remyandrade, Sourcecodester | 2 Faq Management System, Faq Management System | 2025-09-04 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint. | ||||
| CVE-2025-9652 | 1 Portabilis | 1 I-educar | 2025-09-04 | 3.5 Low |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9653 | 1 Portabilis | 1 I-educar | 2025-09-04 | 3.5 Low |
| A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-41054 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/cycle. | ||||
| CVE-2025-9939 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 3.5 Low |
| A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-9940 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 3.5 Low |
| A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-41052 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/canvasjs. | ||||
| CVE-2025-41053 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/commonresource. | ||||
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | 8.8 High |
| phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | ||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | 7.2 High |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. | ||||