Unrated severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026

Stored XSS in Raytha CMS

CVE-2025-69241

Description

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.

This issue was fixed in version 1.4.6.

Affected products

Raytha/Raythav5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/en/posts/2026/03/CVE-2025-69236mitrethird-party-advisory
raytha.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000