Key Information

CVE Identifier: CVE-2025-64047

Vulnerability Type: Cross-Site Scripting (XSS)

Affected Product:
- Vendor: OpenRapid
- Product: RapidCMS
- Version: 1.3.1
- Vulnerable Component: /admin/user/user-move.php

Attack Type: Remote

Attack Vectors:
- Network-based attack
- Remote unauthenticated attacker via crafted 'username' GET parameter
- User interaction required

Impact: Information Disclosure

Technical Description:
- The vulnerability exists in the user-move.php component of RapidCMS 1.3.1. An attacker can exploit it by supplying crafted input in the 'username' GET parameter.

Attack Scenario:
- A remote, unauthenticated attacker can craft a malicious URL containing an XSS payload in the 'username' parameter. When an authenticated administrator visits this URL, the script executes in the administrator's browser context, potentially leading to session hijacking or unauthorized actions.

References:
- Vendor Website: http://openrapid.com
- Product Website: http://rapicms.com

Discoverer: b1uel0n3
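The description above identifies the flaw only as reflected XSS through a GET parameter echoed by an admin page; the actual RapidCMS source is not on this page. The following PHP is an added illustration, not RapidCMS code, showing the general pattern that produces such a bug next to the fix a maintainer would apply: HTML-encode the parameter at the point of output and, where the value has a known format, reject anything outside it. The function names and the constructed sample input are assumptions for the illustration.

```php
<?php
// Added example (not RapidCMS code): reflected XSS from an unescaped
// GET parameter, and the hardened equivalent.

// Hypothetical vulnerable pattern: the request parameter is concatenated
// straight into the HTML response, so any markup in it reaches the browser.
function render_unsafe(array $get): string
{
    $username = $get['username'] ?? '';
    return "<h2>Move user: " . $username . "</h2>";
}

// Optional input check (assumption: usernames are short alphanumerics).
// Rejecting unexpected characters early shrinks the attack surface, but it
// does not replace output encoding.
function is_valid_username(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $name);
}

// Hardened form: encode for the HTML text context at output time.
// ENT_QUOTES also encodes quotes, so the value is safe inside attributes too.
function render_safe(array $get): string
{
    $username = $get['username'] ?? '';
    if (!is_valid_username($username)) {
        return "<h2>Move user: (invalid username)</h2>";
    }
    $escaped = htmlspecialchars(
        $username,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return "<h2>Move user: " . $escaped . "</h2>";
}

// Constructed sample request: a username carrying harmless markup.
$sample = ['username' => '<b>alice</b>'];

echo render_unsafe($sample), "\n"; // tags are emitted as live markup
echo render_safe($sample), "\n";   // rejected by the format check, never echoed raw

// A value that passes the format check is still encoded before output.
echo render_safe(['username' => 'alice_01']), "\n";
```

Serving the admin pages with a Content-Security-Policy that disallows inline script is a useful second layer for an XSS like this, but the encoding shown in `render_safe` is the change that actually removes the flaw.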