CVE-2025-69241
Last modified
CVE-2025-69241 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Raytha | Raytha | < 1.4.6 |
References
- https://cert.pl/en/posts/2026/03/CVE-2025-69236Third Party Advisory
- https://raytha.comProduct
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-69241?
How severe is CVE-2025-69241?
How do I fix CVE-2025-69241?
Are you affected by CVE-2025-69241?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST