Stored XSS in Raytha CMS Affects User Profile Editing Functionality
CVE-2025-69241

5.3MEDIUM

Key Information:

Vendor: Raytha
Status: Raytha
Vendor: CVE Published:; 16 March 2026

What is CVE-2025-69241?

Raytha CMS is exposed to a Stored XSS vulnerability that arises through user input parameters, specifically the FirstName and LastName fields in the profile editing section. An authenticated attacker can exploit this flaw by injecting malicious HTML and JavaScript code, which will execute whenever users visit the compromised profile page. This vulnerability compromises the security of the application, allowing attackers to execute arbitrary scripts in the context of the affected users' browsers. The flaw was addressed in version 1.4.6, highlighting the importance of keeping software updated to mitigate such risks.

Affected Version(s)

Raytha 0 < 1.4.6

References

https://cert.pl/en/posts/2026/03/CVE-2025-69236

third-party-advisory

https://raytha.com

product

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Dec 30, 2025

Credit

Daniel Basta

CVE-2025-69241 Data

JSON