23 matches found
CVE-2025-10368
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made...
CVE-2025-10366
A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...
CVE-2025-10327
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely...
CVE-2025-10369
A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10370 MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting
A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...
CVE-2025-10368 MiczFlor RPi-Jukebox-RFID manageFilesFolders.php cross site scripting
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made...
CVE-2025-10368
CVE-2025-10368 affects MiczFlor RPi-Jukebox-RFID up to 2.8.0. The issue resides in an unknown functionality of the file /htdocs/manageFilesFolders.php; manipulation leads to cross-site scripting. Remote exploitation is possible and the exploit is public. The vendor was contacted early but did not...
CVE-2025-10366
A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...
CVE-2025-10367 MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting
A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public...
CVE-2025-10367 MiczFlor RPi-Jukebox-RFID cardEdit.php cross site scripting
A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public...
CVE-2025-10366
CVE-2025-10366 affects MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function in the file /htdocs/inc.setWlanIpMail.php , where manipulation of the Email address argument enables a cross-site scripting (XSS) flaw. The attack can be initiated remotely, and the exploit has been publ...
PT-2025-37389
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross site scripting issue exists in MiczFlor RPi-Jukebox-RFID. The vulnerability affects unknown code within the /htdocs/userScripts.php file. Manipulation of the Custom script...
PT-2025-37379
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross-site scripting issue exists in MiczFlor RPi-Jukebox-RFID. The issue affects an unknown part of the /htdocs/cardRegisterNew.php file. Remote attackers can execute manipulation...
PT-2025-37372
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A flaw has been found in MiczFlor RPi-Jukebox-RFID. The manipulation of the Email address argument in an unknown function of the file /htdocs/inc.setWlanIpMail.php causes cross site...
CVE-2025-10327
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely...
CVE-2025-10326
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-10327 MiczFlor RPi-Jukebox-RFID shuffle.php os command injection
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely...
CVE-2025-10327 MiczFlor RPi-Jukebox-RFID shuffle.php os command injection
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely...
CVE-2025-10327
CVE-2025-10327 affects MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The vulnerability is an OS command injection in the shuffle.php endpoint located at /htdocs/api/playlist/shuffle.php, triggered by manipulating the playlist argument. It is exploitable remotely and public proofs of concept exis...
CVE-2025-10326 MiczFlor RPi-Jukebox-RFID single.php os command injection
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...