{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10367","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-12T14:04:33.577Z","datePublished":"2025-09-13T14:02:06.970Z","dateUpdated":"2025-09-15T15:37:29.204Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-13T14:02:06.970Z"},"title":"MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"MiczFlor","product":"RPi-Jukebox-RFID","versions":[{"version":"2.0","status":"affected"},{"version":"2.1","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.6","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.8.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In MiczFlor RPi-Jukebox-RFID bis 2.8.0 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /htdocs/cardEdit.php. Die Manipulation führt zu cross site scripting. Der Angriff kann remote ausgeführt werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-12T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-12T16:09:53.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"XU17 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.323775","name":"VDB-323775 | MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.323775","name":"VDB-323775 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.643518","name":"Submit #643518 | MiczFlor RPi-Jukebox-RFID 2.8.0 XSS","tags":["third-party-advisory"]},{"url":"https://github.com/YZS17/CVE/blob/main/RPi-Jukebox-RFID/xss2.md","tags":["related"]},{"url":"https://github.com/YZS17/CVE/blob/main/RPi-Jukebox-RFID/xss2.md#poc","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-15T15:37:20.738050Z","id":"CVE-2025-10367","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-15T15:37:29.204Z"}}]}}