Vulnerability Description
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_version]', 'data[sconfig][default_pagination]', 'data[sconfig][emailsetup_from_email]', 'data[sconfig][emailsetup_host]', 'data[sconfig][emailsetup_password]', 'data[sconfig][emailsetup_port]', 'data[sconfig][emailsetup_username]', 'data[sconfig][fileresource_id]', 'data[sconfig][large_image_height]', 'data[sconfig][large_image_width]' and 'data[sconfig][time_zone_padding]' parameters in /apprain/admin/config/opts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apprain | Apprain | 4.0.5 |
Related Weaknesses (CWE)
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apprThird Party Advisory
FAQ
What is CVE-2025-41039?
CVE-2025-41039 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_pa...
How severe is CVE-2025-41039?
CVE-2025-41039 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-41039?
Check the references section above for vendor advisories and patch information. Affected products include: Apprain Apprain.