CVE Catalog

CVE-2025-64046

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in the /system/update-run.php file. This allows an attacker to inject malicious JavaScript code that can be executed in the victim's browser.

Risk Assessment

The risk includes session hijacking, credential theft, or unauthorized actions performed in the context of an authenticated administrator. This could lead to full compromise of the CMS system.

Recommendation

Immediately update RapidCMS to the latest patched version. If an update is not possible, restrict access to the /system/update-run.php file to trusted IP addresses only.

Original NVD description (English source)

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS