exploitDog

GHSA-cmm8-cjqm-f8mf

Опубликовано: 01 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-63317

CVSS3: 5.4

nvd

2 месяца назад

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.

EPSS

Процентиль: 13%

0.00044

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79