nuz007 smsboom dy.php cross site scripting_CVE-2025-10946

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

Basic Information

ID CVE-2025-10946

Source VulDB

Published Sep 25, 2025 at 13:02

Affected Product

Vendor nuz007

Product smsboom

Version 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674

Affected Versions nuz007 smsboom 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.",
    "published": "2025-09-25T13:02:05.968Z",
    "modified": "2025-09-25T13:02:05.968Z",
    "type": "cve",
    "title": "nuz007 smsboom dy.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325816\nhttps://vuldb.com/?ctiid.325816\nhttps://vuldb.com/?submit.651887\nhttps://github.com/nuz007/smsboom/blob/main/dy.php#L20",
    "id": "CVE-2025-10946",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "nuz007 smsboom 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "smsboom",
    "version": "01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674",
    "vendor": "nuz007",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}