CVE Catalog

CVE-2025-64047

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php. This allows an attacker to inject malicious scripts into the page, which can be executed in the victim's browser.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, capture authentication credentials, or perform other malicious actions in the context of a logged-in administrator.

Recommendation

Immediately update RapidCMS to the latest available version that includes a fix for the XSS vulnerability. If an update is not possible, manually sanitize input data in the /user/user-move.php file.

Original NVD description (English source)

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS