VYPR
Low severity 3.5 · NVD Advisory · Published Sep 25, 2025 · Updated Apr 15, 2026

CVE-2025-10945

Description

A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross-site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An XSS vulnerability in smsboom's d.php via the 'hm' parameter allows remote attackers to inject arbitrary scripts.

A cross-site scripting (XSS) vulnerability has been discovered in nuz007's smsboom up to commit 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The issue resides in the file d.php, where the hm parameter is not properly sanitized before being processed, leading to injection of arbitrary HTML and JavaScript code [1].

Attackers can exploit this vulnerability remotely without authentication by sending a victim a URL that carries a crafted hm value. The product is an SMS bombing tool often used for testing or malicious purposes, so the attacker may trick a user into clicking such a link, triggering the XSS in the victim's browser.

Successful exploitation allows the attacker to execute arbitrary scripts in the context of the vulnerable application. This can lead to session hijacking, cookie theft, or redirection to malicious sites, depending on the application's functionality and the attacker's payload.

As smsboom is a rolling release project with no fixed version numbers, users are advised to update to the latest commit available on the official repository. No other mitigations are documented at this time [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches (0)

No patches discovered yet.

References (4)