CVE-2025-64047
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php. This allows an attacker to inject malicious scripts into the page, which can be executed in the victim's browser.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, capture authentication credentials, or perform other malicious actions in the context of a logged-in administrator.
Recommendation
Immediately update RapidCMS to the latest available version that includes a fix for the XSS vulnerability. If an update is not possible, manually sanitize input data in the /user/user-move.php file.
Original NVD description (English source)
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php.

