CVE-2025-64046
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in the /system/update-run.php file. This allows an attacker to inject malicious JavaScript code that can be executed in the victim's browser.
Risk Assessment
The risk includes session hijacking, credential theft, or unauthorized actions performed in the context of an authenticated administrator. This could lead to full compromise of the CMS system.
Recommendation
Immediately update RapidCMS to the latest patched version. If an update is not possible, restrict access to the /system/update-run.php file to trusted IP addresses only.
Original NVD description (English source)
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.

