Lucene search
K

102 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/16 11:53 a.m.6 views

CVE-2025-69240

Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to attacker controlled domain. The attacker who knows the victim's email address can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/16 11:53 a.m.28 views

CVE-2025-69239 Server-Site Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1CVSS0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 11:53 a.m.6 views

CVE-2025-69239 Server-Site Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1CVSS5.9AI score0.00248EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/16 11:53 a.m.5 views

CVE-2025-69239 Server-Site Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1CVSS5.8AI score0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 11:53 a.m.13 views

CVE-2025-69239

Raytha CMS (affected component: Themes - Import from URL) is vulnerable to Server-Side Request Forgery. The vulnerability arises from allowing a high-privilege user to supply a URL for a server-side HTTP request, enabling potential unintended requests. The issue is fixed in version 1.4.6. The CVS...

5.1CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/16 11:53 a.m.28 views

CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS0.00121EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 11:53 a.m.8 views

CVE-2025-69238

Raytha CMS (CVE-2025-69238) is affected by a Cross‑Site Request Forgery affecting multiple endpoints. The issue arises from missing token verification for authenticated requests, enabling a crafted website to trigger unintended actions (e.g., data deletion) when a logged-in victim visits the page...

6.9CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/16 11:53 a.m.5 views

CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS6AI score0.00217EPSS
Exploits0References5
OSV
OSV
added 2026/03/16 11:53 a.m.3 views

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS6AI score0.00217EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/16 11:53 a.m.2 views

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 11:53 a.m.27 views

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:53 a.m.8 views

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2026/03/16 11:53 a.m.10 views

CVE-2025-69237

CVE-2025-69237 concerns Raytha CMS, where a Stored XSS vulnerability exists in the page creation flow via FieldValues[0].Value. An authenticated attacker with content-creation permissions can inject arbitrary HTML/JS that is rendered on the edited page. The issue is fixed in version 1.4.6. The pr...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/16 11:52 a.m.5 views

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS6AI score0.00217EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/16 11:52 a.m.28 views

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 11:52 a.m.3 views

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:52 a.m.7 views

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2026/03/16 11:52 a.m.10 views

CVE-2025-15540

Raytha CMS is affected by CVE-2025-15540 in the Functions module. Privileged users can write and execute JavaScript that can instantiate .NET components and perform arbitrary operations within the hosting environment due to insufficient sandboxing/access restrictions. Impact is described as authe...

8.8CVSS6AI score0.00477EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:52 a.m.7 views

CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

8.6CVSS6AI score0.00477EPSS
Exploits0References3
OSV
OSV
added 2026/03/16 11:52 a.m.9 views

CVE-2025-15540 Authenticated RCE in Raytha CMS

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

8.6CVSS6.1AI score0.00477EPSS
Exploits0References5
Rows per page
Query Builder