CVE-2025-10117

Опубликовано: 09 сент. 2025

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Ссылки

https://github.com/chen2496088236/CVE/issues/11
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.323087
Permissions Required
VDB Entry
https://vuldb.com/?id.323087
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.645597
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chuck24:simple_to-do_list_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.0002

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p8c3-q969-4fvc

CVSS3: 3.5

github

5 месяцев назад

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input <script>alert('XSS')</script> can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

EPSS

Процентиль: 4%

0.0002

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79