CVE-2025-10369 | MiczFlor RPi-Jukebox-RFID up to 2.8.0 cardRegisterNew.php cross site scripting

Inserito da Angelo Barbosa | Set 12, 2025 | CVE

A vulnerability described as problematic has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting.

This vulnerability is handled as CVE-2025-10369. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10369 | MiczFlor RPi-Jukebox-RFID up to 2.8.0 cardRegisterNew.php cross site scripting

Post correlati

CVE-2024-9075 | Stirling-Tools Stirling-PDF up to 0.28.3 Markdown-to-PDF cross site scripting

CVE-2025-25189 | ZOO-Project Web Processing Service publish.py jobid cross site scripting (GHSA-pw7m-p9q7-357p)

CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password

CVE-2025-8840 | jshERP up to 3.5 Endpoint deleteBatch ids improper authorization (Issue 126)