CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Description
Raytha CMS is vulnerable to Stored XSS via the FieldValues[1].Value parameter in the post editing functionality. An authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into the website, which will be rendered/executed when the edited page is visited. This issue was fixed in version 1.4.6.
Analysis
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the post editing functionality, specifically in the FieldValues[1].Value parameter, whose value is not sanitized before storage and rendering. An authenticated attacker with post editing permissions can inject malicious HTML and JavaScript code that persists in the database and executes in the browser of any user viewing the affected post, potentially leading to session hijacking, credential theft, or defacement. The vulnerability affects versions prior to 1.4.6 and does not appear to be actively exploited in the wild based on available intelligence. The low CVSS score of 5.1 reflects the requirement for prior authentication and user interaction rather than the severity of the potential impact.
Technical Context
This vulnerability is rooted in CWE-79 (Improper Neutralization of Input During Web Page Generation), a classic stored XSS flaw where user-supplied content in the FieldValues[1].Value parameter during post editing is not properly escaped or sanitized before being persisted to the database and subsequently rendered in an HTML context. Raytha CMS is a content management system built on modern web frameworks that processes post field values through its editing API. The vulnerability exists because input validation and output encoding mechanisms fail at the storage layer, allowing arbitrary HTML tags and JavaScript to be committed to the database. When subsequent requests retrieve and render these field values, the browser interprets the injected scripts as legitimate page content, enabling arbitrary script execution in the security context of the victim's session. The attack vector is network-based with low complexity, requiring only standard HTTP POST requests with crafted payloads targeting the post editing endpoint.
Affected Products
Raytha CMS versions prior to 1.4.6 are affected by this vulnerability. The vulnerability has been confirmed in the post editing functionality of Raytha CMS and the vendor has released version 1.4.6 as a patch. Organizations running Raytha CMS should consult the official Raytha project repository and security advisories for confirmation of affected versions and patch distribution channels.
Remediation
Upgrade Raytha CMS to version 1.4.6 or later immediately to apply the security patch that properly sanitizes and escapes the FieldValues parameter. Until patching can be completed, restrict post-editing permissions to a minimal set of trusted administrative users and conduct a content audit to identify any injected payloads in existing posts, removing or quarantining suspicious content. Implement a Web Application Firewall (WAF) rule to detect and block common XSS payloads in POST requests to the post editing endpoint, and enable a Content Security Policy (CSP) header with a restrictive script-src directive to mitigate the impact of any injected scripts (strict-origin-when-cross-origin is a Referrer-Policy value rather than a CSP directive, so it is set in a separate Referrer-Policy header). Monitor access logs for unusual editing activity and consider implementing output encoding at the templating layer as a defense-in-depth measure to ensure all user-supplied content is properly escaped before rendering.
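The content audit recommended above can be scripted. The following is an added example, not part of the advisory or of Raytha's code; it assumes stored field values have been exported as (post_id, field, value) rows, which is a hypothetical layout, and the sample rows are constructed.

```python
from html.parser import HTMLParser

# Elements that run or embed active content when rendered unescaped.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

# Constructed sample export; the (post_id, field, value) layout is an assumption.
SAMPLE_ROWS = [
    (1, "title", "Release notes for March"),
    (2, "content", "<p>Read the <a href='/docs'>docs</a> &amp; changelog</p>"),
    (3, "content", "<p>Hello</p><script>alert(1)</script>"),
    (4, "content", '<img src="x.png" onerror="alert(1)">'),
    (5, "content", '<a href="java&#115;cript:alert(1)">link</a>'),
]


class ActiveContentFinder(HTMLParser):
    """Records markup that would execute script if rendered without escaping."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Entities are already decoded; browsers ignore whitespace in a scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):  # any on* attribute; review false positives
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"script URL in {name} on <{tag}>")


def audit_field_values(rows):
    """Return {(post_id, field): [findings]} for values holding active content."""
    report = {}
    for post_id, field, value in rows:
        finder = ActiveContentFinder()
        finder.feed(value)
        finder.close()
        if finder.findings:
            report[(post_id, field)] = finder.findings
    return report


if __name__ == "__main__":
    print(audit_field_values(SAMPLE_ROWS))
```

Parsing the markup instead of pattern-matching the raw string is what catches row 5, where the scheme is hidden behind a character reference. Fields that legitimately hold rich text will still need manual review of each finding.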
EUVD-2025-208699