CVE-2025-69242

EUVD-2025-208711 | MEDIUM | CVSS 4.0 base score 5.1
2026-03-16 (CERT-PL)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Attack Requirements: None (AT:N)
Privileges Required: None (PR:N)
User Interaction: Active (UI:A)
Vulnerable System Impact: Confidentiality None, Integrity None, Availability None (VC:N/VI:N/VA:N)
Subsequent System Impact: Confidentiality Low, Integrity Low, Availability None (SC:L/SI:L/SA:N)

Lifecycle Timeline

Mar 16, 2026 11:54: CVE published (NVD)
Mar 16, 2026 12:00: EUVD ID assigned (EUVD-2025-208711)
Mar 16, 2026 12:00: Analysis generated (vuln.today)

Description

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6.

Analysis

Raytha CMS reflects the backToListUrl query parameter into the response without adequate output encoding, so an unauthenticated attacker can craft a URL that carries a JavaScript payload. Nothing runs until an authenticated user, typically an administrator, opens that URL; the script then executes in the victim's browser within the origin of the CMS, where it can issue requests with the victim's privileges, read page content, and attempt to capture the session or credentials. Whether the session cookie itself can be read depends on its HttpOnly flag, but the attacker does not need the cookie to act as the victim from inside the page. The CVSS 4.0 vector records the trade-off: the URL can be delivered remotely and no privileges are required (AV:N/AC:L/AT:N/PR:N), but active user interaction is needed (UI:A), and the impact is scored on the subsequent system, the victim's browser session (SC:L/SI:L), rather than on the CMS server itself (VC:N/VI:N/VA:N), which is why the base score lands at a moderate 5.1. Despite the moderate score this is a practical attack against administrators, because the link only has to be clicked once. The issue was fixed in version 1.4.6.

Technical Context

This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting). The backToListUrl parameter, a navigation parameter that, as its name indicates, carries the URL of the list view to return to, is taken from the request and written back into the response without validation or context-appropriate output encoding, so a value that closes the surrounding HTML attribute or element is rendered as markup and executed. Raytha CMS is an open-source content management system built on .NET (ASP.NET Core). Return-URL parameters of this kind are easy to miss in review because they look like internal navigation state rather than user input; the same parameter class is also a common source of open redirects, so a proper fix validates the value as a local, same-origin path and encodes it on output. Because the vulnerability is reflected rather than stored, the payload must be carried in a link the victim opens, which makes phishing of authenticated administrators the realistic delivery route.

Affected Products

Raytha CMS versions prior to 1.4.6 are affected by this reflected XSS vulnerability in the backToListUrl parameter; deployments running 1.4.5 or earlier should be treated as vulnerable and patched with priority. A CPE name for the product would follow the CPE 2.3 convention, for example cpe:2.3:a:raytha:raytha_cms:*:*:*:*:*:*:*:*, but that identifier is illustrative rather than an official assignment; confirm the CPE and the exact version range in the NVD record and in Raytha's own security advisories and release notes for version 1.4.6 and later.

Remediation

Upgrade Raytha CMS to version 1.4.6 or later; that release contains the fix for the backToListUrl XSS. Where the upgrade must wait, reduce exposure at the edge and in the browser rather than expecting to patch the application yourself: block or rewrite requests whose backToListUrl value is not a same-origin relative path (no scheme, no leading "//", no "javascript:" or HTML markup, encoded or not) at the reverse proxy or WAF; deploy a Content Security Policy on the administrative interface that disallows inline script, which stops the common script-tag and event-handler payloads; make sure the session cookie is marked HttpOnly, Secure and SameSite so that injected script cannot simply read it; and restrict administrative access to trusted networks with multi-factor authentication, which limits both who can be targeted and what stolen credentials are worth. After patching, search web server access logs (with query strings recorded) for requests carrying backToListUrl values that contain markup, a scheme, or percent-encoded equivalents such as %3Cscript; a hit that received a 200 response while an administrator was logged in warrants a session reset for that user and a review of recent administrative changes.
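The validation, output-encoding and log-review steps above, as an added example in Python that is not Raytha's code and does not reflect how Raytha renders the parameter: the parameter name backToListUrl comes from the advisory, while the render functions, the /admin/... paths, the fallback destination, the client addresses and the access-log lines are constructed for illustration. is_local_url is the allowlist check a return-URL parameter needs, the two render functions show the unencoded reflection (the CWE-79 pattern) beside the validated and attribute-encoded version, and suspicious_requests reuses the same check to triage access logs so that detection and prevention agree on what a legitimate value looks like.

```python
"""Added example (not Raytha's code): validating and encoding a return-URL
parameter such as backToListUrl, and triaging access logs for abuse of it."""
import html
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "backToListUrl"      # parameter name taken from the advisory
FALLBACK = "/admin/list"     # hypothetical safe default destination


def is_local_url(value: str) -> bool:
    """Accept only same-origin, path-absolute URLs such as '/admin/list?page=2'.

    Rejects empty or oversized values, control characters, absolute URLs
    (any scheme, including javascript: and data:), protocol-relative '//host'
    and the backslash forms some browsers normalise to '//'.
    """
    if not value or len(value) > 2048:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return False
    if "\\" in value or not value.startswith("/") or value.startswith("//"):
        return False
    parts = urlsplit(value)
    return parts.scheme == "" and parts.netloc == ""


def render_back_link_vulnerable(back_url: str) -> str:
    """Reflects the raw parameter into an HTML attribute: the CWE-79 pattern."""
    return f'<a href="{back_url}">Back to list</a>'


def render_back_link_hardened(back_url: str) -> str:
    """Validate the destination, then encode for the attribute context.

    Validation alone is not enough: '/list" onmouseover="alert(1)' is a local
    path and still breaks out of the attribute, so the value is HTML-escaped
    with quote=True on output regardless of what validation said.
    """
    target = back_url if is_local_url(back_url) else FALLBACK
    return f'<a href="{html.escape(target, quote=True)}">Back to list</a>'


# Constructed access-log lines in combined log format; the client addresses
# are documentation ranges and the admin paths are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Mar/2026:10:01:02 +0000] "GET /admin/content-items/edit/42?backToListUrl=/admin/content-items HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Mar/2026:10:02:17 +0000] "GET /admin/content-items/edit/42?backToListUrl=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Mar/2026:10:03:44 +0000] "GET /admin/content-items/edit/42?backToListUrl=javascript:alert(1) HTTP/1.1" 200 5188 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Mar/2026:10:04:01 +0000] "GET /admin/content-items/edit/42?backToListUrl=//evil.example/phish HTTP/1.1" 200 5188 "-" "curl/8.0"
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(log_text: str) -> list[tuple[str, str, str, str]]:
    """Return (ip, timestamp, status, decoded value) for every request whose
    backToListUrl fails the same check the application should enforce."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes, so encoded markup is checked in clear.
        for raw in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if not is_local_url(raw):
                hits.append((m.group("ip"), m.group("ts"), m.group("status"), raw))
    return hits


if __name__ == "__main__":
    for ip, ts, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} HTTP {status} {PARAM}={value!r}")
```

Run it directly to list the three flagged requests from the constructed log. The is_local_url predicate is deliberately simple so it can be ported to the application (ASP.NET Core has an equivalent in IUrlHelper.IsLocalUrl) and to a proxy or WAF rule; note that a value passing it still needs attribute encoding on output, as the hardened renderer shows.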

Priority Score

26 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.1, CVSS +26, POC 0


CVE-2025-69242 vulnerability details – vuln.today
