CVE-2025-69241

Medium CVSS: 5.3

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.

This issue was fixed in version 1.4.6.

Vendor

Raytha

Product

Raytha

CWE

CWE-79

Yayın Tarihi

2026-03-16 14:18:01

Güncelleme

2026-03-16 19:28:08

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Raytha MEDIUM Raytha 2026

Referanslar

https://cert.pl/en/posts/2026/03/CVE-2025-69236 https://raytha.com

Benzer Kayıtlar

Medium

CVE-2025-69246

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automa…

Medium

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker…

High

CVE-2025-69240

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker…

Medium

CVE-2025-69242

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which,…

Medium

CVE-2025-69243

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an atta…

Medium

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malici…