Описание
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.
Ссылки
- ExploitMitigationThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:remyandrade:ai-powered_to-do_list_app:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00059
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
3 месяца назад
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.
EPSS
Процентиль: 18%
0.00059
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79