CVE-2025-10370 | MiczFlor RPi-Jukebox-RFID up to 2.8.0 /htdocs/userScripts.php Custom script cross site scripting

Inserito da Angelo Barbosa | Set 12, 2025 | CVE

A vulnerability classified as problematic has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-10370. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10370 | MiczFlor RPi-Jukebox-RFID up to 2.8.0 /htdocs/userScripts.php Custom script cross site scripting

Post correlati

CVE-2024-40951 | Linux Kernel up to 6.6.35/6.9.6 ocfs2_abort_trigger null pointer dereference (67bcecd78060/eb63357ef229/685d03c37953)

CVE-2025-8506 | 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e /user/editUI cross site scripting

CVE-2023-52214 | voidCoders Void Contact Form 7 Widget for Elementor Page Builder Plugin authorization

CVE-2025-1187 | code-projects Police FIR Record Management System 1.0 Delete Record stack-based overflow