CVE-2025-69241

MEDIUM

Stored XSS in Raytha CMS

Title source: cna

Description

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.

References (2)

[Third Party Advisory] https://cert.pl/en/posts/2026/03/CVE-2025-69236

[Product] https://raytha.com

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 9.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

Raytha/Raytha < 1.4.6

raytha/raytha < 1.4.6

Published Mar 16, 2026

Tracked Since Mar 16, 2026