Back to search
CVE-2025-69241
Published: Mar 16, 2026
Modified: Mar 16, 2026
PUBLISHED
Description
Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.
| Vendor | Product | Versions |
|---|---|---|
Raytha | Raytha | affected 0 - < 1.4.6 |
Weaknesses (CWE)
References
https://cert.pl/en/posts/2026/03/CVE-2025-69236
third-party-advisory
https://raytha.com
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now