CVE-2025-10370 MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting

A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is...

RPi-Jukebox-RFID Security Vulnerability

RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the German individual developer Micz Flor. It plays audio files, playlists, podcasts, web streams and spotify triggered by the RFID card. A security vulnerability exists in MiczFlor RPi-Jukebox-RFID version 2.5.0 and earlier, whi...