{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10642", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-09-17T14:32:56.178Z", "datePublished": "2025-09-18T01:32:06.355Z", "dateUpdated": "2025-09-18T13:17:07.434Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-18T01:32:06.355Z"}, "title": "wangchenyi1996 chat_forum q.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "wangchenyi1996", "product": "chat_forum", "versions": [{"version": "80bdb92f5b460d36cab36e530a2c618acef5afd2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."}, {"lang": "de", "value": "In wangchenyi1996 chat_forum bis 80bdb92f5b460d36cab36e530a2c618acef5afd2 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /q.php. Dank Manipulation des Arguments path mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Bei diesem Produkt handelt es sich um ein Rolling Release, das eine fortlaufende Bereitstellung erm\u00f6glicht. Aus diesem Grund stehen keine Versionsinformationen zu betroffenen oder aktualisierten Versionen zur Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-09-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-09-17T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-09-17T16:38:28.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dev03301 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.324675", "name": "VDB-324675 | wangchenyi1996 chat_forum q.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.324675", "name": "VDB-324675 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.651885", "name": "Submit #651885 | wangchenyi1996 chat_forum master CWE-79", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wangchenyi1996/chat_forum/blob/master/q.php#L31", "tags": ["related"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-18T13:17:01.298204Z", "id": "CVE-2025-10642", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T13:17:07.434Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10642", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-18T13:17:01.298204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T13:17:03.907Z"}}], "cna": {"title": "wangchenyi1996 chat_forum q.php cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "dev03301 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:UR"}}], "affected": [{"vendor": "wangchenyi1996", "product": "chat_forum", "versions": [{"status": "affected", "version": "80bdb92f5b460d36cab36e530a2c618acef5afd2"}]}], "timeline": [{"lang": "en", "time": "2025-09-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-09-17T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-09-17T16:38:28.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.324675", "name": "VDB-324675 | wangchenyi1996 chat_forum q.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.324675", "name": "VDB-324675 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.651885", "name": "Submit #651885 | wangchenyi1996 chat_forum master CWE-79", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wangchenyi1996/chat_forum/blob/master/q.php#L31", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."}, {"lang": "de", "value": "In wangchenyi1996 chat_forum bis 80bdb92f5b460d36cab36e530a2c618acef5afd2 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /q.php. Dank Manipulation des Arguments path mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Bei diesem Produkt handelt es sich um ein Rolling Release, das eine fortlaufende Bereitstellung erm\u00f6glicht. Aus diesem Grund stehen keine Versionsinformationen zu betroffenen oder aktualisierten Versionen zur Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-18T01:32:06.355Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10642", "state": "PUBLISHED", "dateUpdated": "2025-09-18T13:17:07.434Z", "dateReserved": "2025-09-17T14:32:56.178Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-09-18T01:32:06.355Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."}], "id": "CVE-2025-10642", "lastModified": "2025-09-18T13:43:34.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-09-18T02:15:40.463", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/wangchenyi1996/chat_forum/blob/master/q.php#L31"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.324675"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.324675"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.651885"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"created": "2025-09-18T12:41:04.511963+00:00", "updated": "2025-09-18T12:41:04.512018+00:00", "vendors": ["chat_forum_project", "chat_forum_project$PRODUCT$chat_forum"]}