Total
39592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9746 | 1 Campcodes | 1 Hospital Management System | 2025-09-04 | 3.3 LOW | 2.4 LOW |
| A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-41036 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in /apprain/admin/account/edit. | |||||
| CVE-2025-41037 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager. | |||||
| CVE-2025-41038 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/. | |||||
| CVE-2025-41039 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_version]', 'data[sconfig][default_pagination]', 'data[sconfig][emailsetup_from_email]', 'data[sconfig][emailsetup_host]', 'data[sconfig][emailsetup_password]', 'data[sconfig][emailsetup_port]', 'data[sconfig][emailsetup_username]', 'data[sconfig][fileresource_id]', 'data[sconfig][large_image_height]', 'data[sconfig][large_image_width]' and 'data[sconfig][time_zone_padding]' parameters in /apprain/admin/config/opts. | |||||
| CVE-2025-41040 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/lipsum.xml. | |||||
| CVE-2025-41041 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/default.xml. | |||||
| CVE-2025-41042 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]' parameters in /apprain/information/manage/emailtemplate/add. | |||||
| CVE-2025-41043 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/. | |||||
| CVE-2025-41044 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create. | |||||
| CVE-2025-41045 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical. | |||||
| CVE-2025-41046 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid. | |||||
| CVE-2025-41047 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace. | |||||
| CVE-2025-41048 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin. | |||||
| CVE-2025-41049 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform. | |||||
| CVE-2025-41050 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/base_libs. | |||||
| CVE-2025-41051 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/bootstrap. | |||||
| CVE-2025-57425 | 1 Remyandrade | 1 Faq Management System | 2025-09-04 | N/A | 6.1 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint. | |||||
| CVE-2025-9652 | 1 Portabilis | 1 I-educar | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9653 | 1 Portabilis | 1 I-educar | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||