MEDIUM🇬🇧 English

CVE-2025-69238

CVSS 6.9v4.0pub. 2026-03-16

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification.  This issue was fixed in version 1.4.6.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Raytha

    APP
    Raytha
    < 1.4.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-69240HIGH7.5ten sam produkt

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The...

CVE-2025-15540HIGH8.6ten sam produkt

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to applicat...

CVE-2025-69237MEDIUM5.1ten sam produkt

Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Auth...

CVE-2025-69239MEDIUM5.1ten sam produkt

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows a...

CVE-2025-69241MEDIUM5.3ten sam produkt

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality....