CVE-2025-69245 MEDIUM

CVE-2025-69245: Reflected XSS in Raytha CMS

Vendor Raytha

Product Raytha

Weakness CWE-79 · XSS

Published March 16, 2026

Last update March 16, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6.

Key dates

02Disclosure timeline

March 16, 2026 CVE published

March 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-69245 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability CVE-2024-1759 WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-35162 XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template CVE-2025-58023 WordPress Genealogical Tree plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-49486 Extension - balbooa.com - Stored XSS in Balbooa Gallery component version 1.0.0 - 2.4.0 for Joomla