Cross Site Scripting Vulnerability in OpenRapid RapidCMS by OpenRapid
CVE-2025-64047

6.1 MEDIUM

Key Information:

Vendor: OpenRapid

Status
Vendor
CVE Published: 24 November 2025

What is CVE-2025-64047?

OpenRapid RapidCMS version 1.3.1 is susceptible to a Cross Site Scripting (XSS) vulnerability located in the /user/user-move.php file. This flaw allows attackers to inject malicious scripts into web pages viewed by unsuspecting users, potentially leading to session hijacking or redirection to malicious sites. It is imperative for users of RapidCMS to patch this vulnerability to prevent exploitation. For more details, visit the official site or the associated GitHub gist.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
