CVE-2025-69241

MEDIUM WAF: High

CVSS 5.4 Published: 2026-03-16

CWE-79

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
raytha	raytha	up to 1.4.6

References

cert.pl (Third Party Advisory)
raytha.com (Product)

Back to CVE Database