Primary

Context

MiczFlor RPi-Jukebox-RFID Cross-Site Scripting Vulnerability in cardRegisterNew.php

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in MiczFlor RPi-Jukebox-RFID versions through 2.8.0. The issue resides in the file /htdocs/cardRegisterNew.php, where improper handling of user input allows for the injection of malicious scripts. This vulnerability can be exploited remotely, requiring some user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute arbitrary JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the /htdocs/cardRegisterNew.php file with a payload that includes JavaScript code, such as an image tag with an 'onerror' event. The injected script will be executed in the browser, demonstrating the cross-site scripting vulnerability.

Added: Sep 13, 2025, 5:19 PM

Updated: Sep 13, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiczFlor RPi-Jukebox-RFID Cross-Site Scripting Vulnerability in cardRegisterNew.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating