CVE-2025-10367

🗓️ 13 Sep 2025 14:02:06Reported by VulDBType

Cross site scripting in cardEdit.php of MiczFlor Jukebox RFID up to 2.8.0 enables remote exploit.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-10367	13 Sep 202516:56	–	circl
CNNVD	RPi-Jukebox-RFID 代码注入漏洞	13 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-10367 MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting	13 Sep 202514:02	–	cvelist
EUVD	EUVD-2025-29093	3 Oct 202520:07	–	euvd
NVD	CVE-2025-10367	13 Sep 202514:15	–	nvd
Positive Technologies	PT-2025-37373	13 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-10367	15 Sep 202514:31	–	redhatcve
Vulnrichment	CVE-2025-10367 MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting	13 Sep 202514:02	–	vulnrichment

NVD

Vulners

Node

sourcefabric rpi-jukebox-rfidRange≤2.8.0

[
  {
    "vendor": "MiczFlor",
    "product": "RPi-Jukebox-RFID",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      },
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      },
      {
        "version": "2.3",
        "status": "affected"
      },
      {
        "version": "2.4",
        "status": "affected"
      },
      {
        "version": "2.5",
        "status": "affected"
      },
      {
        "version": "2.6",
        "status": "affected"
      },
      {
        "version": "2.7",
        "status": "affected"
      },
      {
        "version": "2.8.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/YZS17/CVE/blob/main/RPi-Jukebox-RFID/xss2.md
github	www.github.com/YZS17/CVE/blob/main/RPi-Jukebox-RFID/xss2.md

29 Apr 2026 01:00Current

3.8Low risk

Vulners AI Score3.8

CVSS 3.13.5 - 6.1

CVSS 24

CVSS 45.1

CVSS 33.5

EPSS0.00048

SSVC