CVE-2025-10246 | lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c /f.php h cross site scripting

A vulnerability was found in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. It has been classified as problematic. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting.

This vulnerability is registered as CVE-2025-10246. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10246 | lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c /f.php h cross site scripting

Post correlati

CVE-2024-52871 | Flagsmith up to 2.134.0 Setting access control

CVE-2024-0298 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setDiagnosisCfg ip os command injection

CVE-2024-7923 | Red Hat Satellite 6 up to 4.0/6.13/6.14/6.15/22.0 Foreman improper authentication

CVE-2025-6692 | YouTube Embed Plugin up to 10.3 on WordPress Instance cross site scripting