Description
Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser.

This issue was fixed in version 1.4.6.
Published: 2026-03-16
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary JavaScript execution in authenticated browser
Action: Apply Patch
AI Analysis

Impact

Raytha CMS is vulnerable to reflected cross‑site scripting through the backToListUrl parameter. An attacker can craft a malicious URL that, when opened by an authenticated victim, causes arbitrary JavaScript to execute in the victim’s browser. This weakness is identified as CWE‑79.

Affected Systems

The affected product is Raytha CMS (vendor Raytha). All releases prior to version 1.4.6 contain the vulnerability; deployments running earlier versions remain at risk until updated.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, while an EPSS score of less than 1% shows a low probability of active exploitation. The issue is not listed in CISA’s KEV catalog. Exploitation requires an authenticated user to click a crafted link, so the most likely attack vector is a phishing or malicious link sent to a valid user. Applying the available patch mitigates the risk entirely.

Generated by OpenCVE AI on March 17, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Raytha CMS patch version 1.4.6 or newer

Generated by OpenCVE AI on March 17, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Raytha
Raytha raytha
CPEs cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*
Vendors & Products Raytha
Raytha raytha
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6.
Title Reflected XSS in Raytha CMS
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Raytha Raytha
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-03-16T13:49:56.366Z

Reserved: 2025-12-30T08:44:21.410Z

Link: CVE-2025-69242

cve-icon Vulnrichment

Updated: 2026-03-16T13:43:54.554Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:01.577

Modified: 2026-03-16T19:27:58.210

Link: CVE-2025-69242

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:02:36Z

Weaknesses