CVE-2025-69238

Raytha CMS (CVE-2025-69238) is affected by a Cross‑Site Request Forgery affecting multiple endpoints. The issue arises from missing token verification for authenticated requests, enabling a crafted website to trigger unintended actions (e.g., data deletion) when a logged-in victim visits the page...

CVE-2025-69237

CVE-2025-69237 concerns Raytha CMS, where a Stored XSS vulnerability exists in the page creation flow via FieldValues[0].Value. An authenticated attacker with content-creation permissions can inject arbitrary HTML/JS that is rendered on the edited page. The issue is fixed in version 1.4.6. The pr...

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

CVE-2025-69236 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

CVE-2025-69236

Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...

CVE-2025-15540

Raytha CMS is affected by CVE-2025-15540 in the Functions module. Privileged users can write and execute JavaScript that can instantiate .NET components and perform arbitrary operations within the hosting environment due to insufficient sandboxing/access restrictions. Impact is described as authe...

CVE-2025-15540 Authenticated RCE in Raytha CMS

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2025-15540 Authenticated RCE in Raytha CMS

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2026-4225

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.6.0 to 5.9.11 contained security vulnerabilities. These vulnerabilities stemmed from the $settings array returned by the parsestr method in src/controllers/EntryTypesController.php, which...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...

Qool CMS 跨站脚本漏洞

Qool CMS is a content management system developed by basdog22. The Qool CMS 2.0 RC2 version has a cross-site scripting vulnerability. This vulnerability stems from cross-site request forgery, which may allow attackers to trick users into accessing malicious web pages and executing management...

PT-2026-25806

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.5 Craft CMS versions 5.0.0-RC1 through 5.9.11 Description Craft CMS contains a flaw in the UsersController-actionImpersonateWithToken function that allows a low-privilege user, or an unauthenticated us...

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...