CVE-2025-10642 MEDIUM

CVE-2025-10642: wangchenyi1996 chat_forum q.php cross site scripting

Vendor Wangchenyi1996
Product chat_forum
Weakness CWE-79 · XSS
Published September 18, 2025
Last update September 18, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Key dates

02Disclosure timeline

September 18, 2025 CVE published
September 18, 2025 Record updated