CVE-2025-41039 | appRain CMF 4.0.5 opts cross site scripting

A vulnerability was found in appRain CMF 4.0.5. It has been rated as problematic. Affected is an unknown function of the file /apprain/admin/config/opts. Performing manipulation of the argument data[sconfig][admin_landing_page]/data[sconfig][currency]/data[sconfig][db_version]/data[sconfig][default_pagination]/data[sconfig][emailsetup_from_email]/data[sconfig][emailsetup_host]/data[sconfig][emailsetup_password]/data[sconfig][emailsetup_port]/data[sconfig][emailsetup_username]/data[sconfig][fileresource_id]/data[sconfig][large_image_height]/data[sconfig][large_image_width]’/’data[sconfig][time_zone_padding] results in cross site scripting.

This vulnerability is reported as CVE-2025-41039. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More