Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL w

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to de

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when open

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated att

Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to attacker controlled domain. The attacker (who knows

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when v

Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Authenticated attacker

Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker w

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack