Cross-Site Scripting Vulnerability in Wangchenyi1996 Chat Forum
CVE-2025-10642

5.1MEDIUM

Key Information:

Vendor

Wangchenyi1996

Status
Chat Forum
Vendor
CVE Published:
18 September 2025

What is CVE-2025-10642?

A vulnerability in the Wangchenyi1996 Chat Forum has been identified, affecting the script located at /q.php. This issue allows for malicious manipulation of the argument 'path', which can lead to cross-site scripting attacks. Such vulnerabilities can be exploited by unauthorized remote attackers, potentially compromising user data and session integrity. The Chat Forum operates on a rolling release model, which means that affected versions may vary as updates are continuously delivered.

Affected Version(s)

chat_forum 80bdb92f5b460d36cab36e530a2c618acef5afd2

References

https://vuldb.com/?id.324675
vdb-entrytechnical-description
https://vuldb.com/?ctiid.324675
signaturepermissions-required
https://vuldb.com/?submit.651885
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dev03301 (VulDB User)
.
CVE-2025-10642 : Cross-Site Scripting Vulnerability in Wangchenyi1996 Chat Forum