Patryk Kieszek

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to a Reflected Cross-Site Scripting (XSS) issue. This occurs through manipulation of the `returnUrl` parameter within the logon functionality. An attacker can create a malicious URL. When an authenticated user accesses this URL, it can lead to the execution of arbitrary JavaScript code in the user's web browser. **Recommendations** Update Raytha CMS to version 1.4.6 or later.