Severity by source
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Primary rating from NVD; the only scoring source for this CVE.
Description (CVE.org)
Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser.
This issue was fixed in version 1.4.6.
Analysis (AI)
Raytha CMS contains a reflected cross-site scripting (XSS) vulnerability in the backToListUrl parameter that allows unauthenticated attackers to inject arbitrary JavaScript code. When an authenticated victim visits a specially crafted malicious URL, the injected script executes in their browser context, potentially allowing session hijacking, credential theft, or malware distribution. The vulnerability was patched in version 1.4.6, and while the CVSS score of 5.1 is moderate, the attack requires user interaction (UI:A) but no authentication, making it a practical attack vector against admin users.
Technical Context (AI)
This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting). The backToListUrl parameter in Raytha CMS fails to properly sanitize or escape user-supplied input before reflecting it back in the HTTP response, allowing attackers to inject malicious JavaScript payloads. Raytha CMS is a headless content management system built on modern web technologies. The root cause is inadequate input validation and output encoding on a navigation-related parameter, which is often overlooked during security reviews because it appears to be a benign internal application parameter. The reflected nature means the payload must be delivered via URL, making it suitable for phishing campaigns targeting authenticated administrators.
Remediation (AI)
Upgrade Raytha CMS to version 1.4.6 or later immediately; that is the patched version that addresses the backToListUrl XSS vulnerability. Until patching is possible, validate and encode all URL parameters, particularly navigation-related ones such as backToListUrl: restrict accepted values to an allow-list of same-site URLs, HTML-entity-encode the value wherever it is written into the response, and deploy a Content Security Policy (CSP) header to restrict which scripts may execute. Additionally, restrict administrative access to trusted IP ranges and require multi-factor authentication for CMS administrators to limit the impact of a compromised session. Review server logs for requests carrying suspicious backToListUrl values as evidence of exploitation attempts.
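The validate-then-encode approach described above, shown as an added example that is not Raytha's code: the function names, the fallback path and the anchor markup are assumptions made for the illustration. Validation alone would still let quotes or `&` break out of the attribute, and encoding alone would not stop a `javascript:` href, so both layers are applied.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed fallback for the example; not a path taken from Raytha.
DEFAULT_BACK_URL = "/admin/content"

# Characters RFC 3986 permits in a URL. Anything else (quotes, angle
# brackets, whitespace, control characters) is rejected outright.
_URL_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")


def safe_back_to_list_url(value, default=DEFAULT_BACK_URL):
    """Accept only a same-site, path-only URL; otherwise return the default.

    The value is assumed to be the query parameter after the web framework's
    single round of percent-decoding.
    """
    if not value or not _URL_CHARS.match(value):
        return default
    # Must be site-relative; '//host' or '/\host' would leave the site
    # because browsers treat both as protocol-relative URLs.
    if not value.startswith("/") or value.startswith(("//", "/\\")):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    return value


def render_back_link(raw_param):
    """Build the 'back to list' anchor: validate first, then HTML-encode.

    html.escape with quote=True encodes & < > " and ', which covers the
    attribute context the value is written into.
    """
    target = safe_back_to_list_url(raw_param)
    return '<a href="%s">Back to list</a>' % html.escape(target, quote=True)
```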
EUVD-2025-208711