CVE-2025-69237
Stored XSS in Raytha CMS Page Creation Allows Code Injection
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raytha | raytha | to 1.4.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-69237 is a Stored Cross-Site Scripting (XSS) vulnerability in Raytha CMS affecting versions before 1.4.6.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs via the FieldValues[0].Value parameter in the page creation functionality, where input is not properly neutralized.'}, {'type': 'paragraph', 'content': 'An authenticated attacker with permissions to create content can inject arbitrary HTML and JavaScript code into the website.'}, {'type': 'paragraph', 'content': "This malicious code is stored and executed when users visit the affected page, potentially leading to unauthorized script execution in users' browsers."}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability allows an authenticated attacker with content creation permissions to inject malicious scripts into the website.'}, {'type': 'paragraph', 'content': 'When other users visit the compromised pages, the injected scripts execute in their browsers, which can lead to unauthorized actions such as stealing session cookies, defacing content, or redirecting users to malicious sites.'}, {'type': 'paragraph', 'content': "Such attacks can compromise user data, damage the website's reputation, and potentially lead to further exploitation of users or the system."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in Raytha CMS versions before 1.4.6, specifically via the FieldValues[0].Value parameter in the page creation functionality. Detection involves verifying if your Raytha CMS instance is running a vulnerable version and checking for injected HTML or JavaScript in created pages.
Since the vulnerability requires authenticated access with content creation permissions, detection can include reviewing recently created or edited pages for suspicious scripts or HTML code in the FieldValues[0].Value parameter.
- Check the Raytha CMS version by accessing the application or its version endpoint to confirm if it is older than 1.4.6.
- Manually inspect content created via the page creation functionality for unexpected or suspicious HTML/JavaScript code.
- Use web application scanning tools that can detect stored XSS vulnerabilities by submitting payloads to the FieldValues[0].Value parameter and observing if the payload is stored and executed.
No specific commands are provided in the available resources for automated detection on the network or system.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Raytha CMS to version 1.4.6 or later, where this Stored XSS vulnerability has been fixed.
Until the upgrade can be performed, restrict permissions to create content only to trusted users to reduce the risk of exploitation.
Additionally, review and sanitize any user-generated content, especially content created via the FieldValues[0].Value parameter, to prevent injection of malicious scripts.