Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the data[Addon][layouts] and data[Addon][layouts except] parameters in the /apprain/developer/addons/update/960grid API endpoint. Recommendations: Apply proper input validation to the data[Addon][layouts] and data[Addon][layouts except] parameters in the /apprain/developer/addons/update/960grid API…Read More