Cross Site Scripting in nuz007 smsboom by nuz007
CVE-2025-10946

5.1MEDIUM

Key Information:

Vendor

Nuz007

Status
Smsboom
Vendor
CVE Published:
25 September 2025

What is CVE-2025-10946?

A Cross Site Scripting vulnerability has been identified in the nuz007 smsboom application, particularly affecting an unspecified function within the dy.php file. This vulnerability arises when an attacker manipulates the 'hm' argument, enabling potential remote exploitation. Due to the application's rolling release model, specific version identifiers for the affected builds are not disclosed, posing a risk for users of any version leading up to commit 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674.

Affected Version(s)

smsboom 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674

References

https://vuldb.com/?id.325816
vdb-entrytechnical-description
https://vuldb.com/?ctiid.325816
signaturepermissions-required
https://vuldb.com/?submit.651887
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dev03303 (VulDB User)
JSON
.