CVE-2025-67170
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
EUVD-2025-203914
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2025-67171
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal...
CVE-2025-67172
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parsespecialtags function...
CVE-2025-67168
RiteCMS v3.1.0 is affected by CVE-2025-67168 due to insecure password storage via weak encryption. Multiple sources (NVD, Red Hat, EUVD, CNVD, OSV) describe the issue consistently; root cause is insecure password encryption, with impact limited to confidentiality (C: Low) and no integrity/a...
PT-2023-29291 · Ritecms · Ritecms
Name of the Vulnerable Software and Affected Versions: RiteCMS version 3.0. Description: A file upload issue allows a local attacker to upload an SVG file containing XSS content. Recommendations: For RiteCMS version 3.0, consider restricting file uploads to prevent exploitation until a fix is...