102 matches found
CVE-2025-69240
Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to attacker controlled domain. The attacker who knows the victim's email address can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser...
CVE-2025-69239 Server-Site Request Forgery in Raytha CMS
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...
CVE-2025-69239 Server-Site Request Forgery in Raytha CMS
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...
CVE-2025-69239 Server-Site Request Forgery in Raytha CMS
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...
CVE-2025-69239
Raytha CMS (affected component: Themes - Import from URL) is vulnerable to Server-Side Request Forgery. The vulnerability arises from allowing a high-privilege user to supply a URL for a server-side HTTP request, enabling potential unintended requests. The issue is fixed in version 1.4.6. The CVS...
CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...
CVE-2025-69238
Raytha CMS (CVE-2025-69238) is affected by a Cross‑Site Request Forgery affecting multiple endpoints. The issue arises from missing token verification for authenticated requests, enabling a crafted website to trigger unintended actions (e.g., data deletion) when a logged-in victim visits the page...
CVE-2025-69238 Cross-Site Request Forgery in Raytha CMS
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...
CVE-2025-69237 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...
CVE-2025-69237 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...
CVE-2025-69237 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...
CVE-2025-69237
Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...
CVE-2025-69237
CVE-2025-69237 concerns Raytha CMS, where a Stored XSS vulnerability exists in the page creation flow via FieldValues[0].Value. An authenticated attacker with content-creation permissions can inject arbitrary HTML/JS that is rendered on the edited page. The issue is fixed in version 1.4.6. The pr...
CVE-2025-69236 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...
CVE-2025-69236 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...
CVE-2025-69236 Stored XSS in Raytha CMS
Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...
CVE-2025-69236
Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...
CVE-2025-15540
Raytha CMS is affected by CVE-2025-15540 in the Functions module. Privileged users can write and execute JavaScript that can instantiate .NET components and perform arbitrary operations within the hosting environment due to insufficient sandboxing/access restrictions. Impact is described as authe...
CVE-2025-15540
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540 Authenticated RCE in Raytha CMS
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...