Severity by source
CVSS Vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser.
This issue was fixed in 1.4.6.
Analysis (AI-generated)
Raytha CMS contains a reflected cross-site scripting (XSS) vulnerability in the returnUrl parameter of its logon functionality. An attacker crafts a URL carrying a script payload in returnUrl; when a victim opens it, the payload is reflected into the logon response and executes in the victim's browser in the context of the Raytha site, which can enable session hijacking, credential theft through a tampered login form, or actions performed with the victim's privileges. The CVE text describes the victim as authenticated, and the NVD vector records PR:N, so the attacker needs no account of their own. The fix shipped in version 1.4.6. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:A, SC:L/SI:L, no direct impact on the vulnerable system itself) is the usual reflected-XSS profile: remotely reachable, low complexity, one user interaction, with the impact landing on the subsequent system, the victim's browser session, rather than the server. This page lists no EPSS score. XSS on an authentication page is a meaningful risk regardless of the numeric rating, and the upgrade should not be deferred.
Technical Context (AI-generated)
This is a reflected XSS flaw classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), one of the most common web application weakness classes. The returnUrl parameter of the Raytha CMS logon endpoint is the usual "send the user back where they came from after login" value, and vulnerable versions reflect it into the response without encoding it for the HTML context it lands in. Raytha CMS is a content management system, and its logon page is security-critical: it is where credentials are entered and authentication state is established, so script running there can read what the user types or swap the form for one that posts elsewhere. The page does not say exactly how the value is embedded; most likely it is written into a redirect link, a form action, or a hidden field (the classic shape of this bug), and characters with meaning in HTML or JavaScript (angle brackets, quotes, and the attribute terminators that let an attacker start an event handler) pass through unchanged. Once an attacker-controlled returnUrl reaches the response unencoded, the browser parses the injected tags or handlers as code rather than text. Two separate controls are missing here: output encoding appropriate to the context the value is rendered in, and validation that returnUrl is a site-local path rather than an absolute or protocol-relative URL, which is why the same parameter is also the classic vector for open redirect.
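The vulnerable-versus-hardened handling described above, written as an added Python example rather than Raytha's own code (Raytha is a .NET application and its actual logon handler is not shown on this page). The renderer, the is_local_url rule modeled on the check ASP.NET Core's Url.IsLocalUrl performs, and the payload string are all assumptions for illustration:

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed payload for the demonstration: closes the attribute the value
# lands in, then injects a script element.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def extract_return_url(request_url: str) -> str:
    """Pull returnUrl out of a full request URL (empty string if absent)."""
    query = parse_qs(urlsplit(request_url).query)
    return query.get("returnUrl", [""])[0]


def render_logon_vulnerable(return_url: str) -> str:
    """Hypothetical logon page with the CWE-79 weakness class the advisory
    describes: the query value is concatenated into two HTML attribute
    contexts with no encoding, so a quote plus '>' breaks out of the attribute."""
    return (
        '<form method="post" action="/logon?returnUrl=' + return_url + '">'
        '<input type="hidden" name="returnUrl" value="' + return_url + '">'
        '<input name="user"><input name="pass" type="password"></form>'
    )


def is_local_url(url: str) -> bool:
    """Accept only same-site absolute paths.

    Rule modeled on ASP.NET Core's Url.IsLocalUrl (assumption for this
    example): the value must start with '/', must not start with '//' or
    '/\\' (browsers treat those as protocol-relative links to another host),
    and must not carry control characters that could split a Location header.
    """
    if not url or url[0] != "/":
        return False
    if len(url) > 1 and url[1] in "/\\":
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    return True


def render_logon_hardened(return_url: str, default: str = "/") -> str:
    """Same page with both missing controls in place: validate that returnUrl
    is site-local (falling back to a safe default), then HTML-encode it for
    the attribute context. html.escape(quote=True) encodes & < > \" and '."""
    target = return_url if is_local_url(return_url) else default
    safe = html.escape(target, quote=True)
    return (
        '<form method="post" action="/logon?returnUrl=' + safe + '">'
        '<input type="hidden" name="returnUrl" value="' + safe + '">'
        '<input name="user"><input name="pass" type="password"></form>'
    )


if __name__ == "__main__":
    url = "https://cms.example/logon?returnUrl=" + html.escape(PAYLOAD)
    value = extract_return_url("https://cms.example/logon?returnUrl=%2Fadmin")
    print("decoded returnUrl:", value)
    print("vulnerable:", render_logon_vulnerable(PAYLOAD))
    print("hardened:  ", render_logon_hardened(PAYLOAD))
```

The hardened version deliberately applies two independent checks rather than one: encoding alone would stop the script injection but still let returnUrl=//evil.example redirect the user off-site after a successful login, and local-URL validation alone would not protect a page that still concatenates the value into markup.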
Remediation (AI-generated)
Upgrade Raytha CMS to version 1.4.6 or later. The advisory states only that the issue was fixed in that release and does not describe the change, so treat the upgrade as the fix and everything below as a stopgap. Where patching must wait: deploy a Content Security Policy that forbids inline script (a script-src directive without 'unsafe-inline', ideally nonce- or hash-based), since a reflected payload is by definition inline and a permissive CSP does nothing against it; add a WAF rule that percent-decodes returnUrl (including double-encoded values) and blocks values containing 'javascript:', HTML tags, or on*= event handlers, bearing in mind that such filters are routinely bypassed and only raise the bar; restrict the logon endpoint to trusted IP ranges where the deployment allows; and warn users not to open unexpected links to the CMS login page. Monitor web server logs for logon requests whose returnUrl is anything other than a plain site-local path. After patching, confirm the fix by requesting the logon page with returnUrl set to an HTML-breaking payload (a double quote followed by a closing angle bracket and a script tag is the standard probe) and checking that the response contains it only in encoded form; also check that an absolute or protocol-relative returnUrl no longer redirects off-site after login, since the same parameter carries the open-redirect risk.
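The log monitoring and WAF-style pattern matching suggested above, as an added Python example that is not part of the advisory or of Raytha. The access-log lines are constructed for the demonstration (common log format, with a /logon path that is an assumption about the endpoint's URL); the scanner percent-decodes returnUrl repeatedly so that double-encoded payloads are seen in their final form, then flags the patterns a practitioner would alert on:

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from a real deployment). Lines 2-5
# carry, in order: a double-quote breakout with a script tag, a double-encoded
# img/onerror handler, a javascript: URI, and a protocol-relative redirect.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /logon?returnUrl=%2Fadmin HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2025:10:00:01 +0000] "GET /logon?returnUrl=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /logon?returnUrl=%252F%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 640
10.0.0.8 - - [01/Jan/2025:10:00:03 +0000] "GET /logon?returnUrl=javascript%3Aalert(1) HTTP/1.1" 200 640
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /logon?returnUrl=%2F%2Fevil.example%2F HTTP/1.1" 302 0
10.0.0.10 - - [01/Jan/2025:10:00:05 +0000] "GET /content/page HTTP/1.1" 200 2048
"""

# Common log format: client, ident, user, [timestamp], "METHOD PATH PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
PARAM_RE = re.compile(r"[?&]returnUrl=([^&\s]*)", re.IGNORECASE)

# Patterns evaluated against the fully decoded value. The last one is not XSS
# but the open-redirect misuse of the same parameter, worth flagging together.
SUSPICIOUS = [
    ("html_tag", re.compile(r"<\s*/?\s*[a-z]", re.IGNORECASE)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript_uri", re.compile(r"^\s*javascript:", re.IGNORECASE)),
    ("external_redirect", re.compile(r"^(?:https?:)?//|^/\\", re.IGNORECASE)),
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding. Attackers double-encode to slip past
    filters that decode once; a bounded loop stops on a fixed point."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str) -> list:
    """Return one record per logon request whose returnUrl matches a
    suspicious pattern: source IP, timestamp, decoded value, and reasons."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        src, timestamp, _method, path, _status = match.groups()
        if not path.lower().startswith("/logon"):
            continue
        param = PARAM_RE.search(path)
        if not param:
            continue
        decoded = decode_fully(param.group(1))
        reasons = [name for name, rx in SUSPICIOUS if rx.search(decoded)]
        if reasons:
            hits.append({"src": src, "time": timestamp, "returnUrl": decoded, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["time"], hit["src"], hit["reasons"], repr(hit["returnUrl"]))
```

Run over real logs, the same rule set is what the WAF stopgap would enforce inline; the difference is that the log scan also tells you whether the payloads were ever delivered before the upgrade, which decides whether to rotate sessions and review accounts.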
Weakness: CWE-79 – Cross-site Scripting (XSS)
Also tracked as: EUVD-2025-208715