Primary

Context

MiczFlor RPi-Jukebox-RFID Cross-Site Scripting Vulnerability in userScripts.php

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in MiczFlor RPi-Jukebox-RFID versions prior to 2.8.0. The issue resides in the file /htdocs/userScripts.php, where the argument 'Custom script' can be manipulated to inject arbitrary JavaScript. This vulnerability can be exploited remotely, and a public proof-of-concept is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the /htdocs/userScripts.php file with a crafted 'Custom script' argument that includes JavaScript code, such as an image tag with an 'onerror' event. This will trigger the XSS by executing the injected script in the browser.

Added: Sep 13, 2025, 5:17 PM

Updated: Sep 13, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiczFlor RPi-Jukebox-RFID Cross-Site Scripting Vulnerability in userScripts.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating