exploitDog

CVE-2025-63640

Опубликовано: 07 нояб. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button.

Ссылки

https://github.com/ChuckBartowski7/Vulnerability-Research/blob/main/CVE-2025-63640/README.md
Exploit
Mitigation
Third Party Advisory
https://www.sourcecodester.com/javascript/18402/medicine-reminder-app-using-html-css-and-javascript-source-code.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rems:medicine_reminder_app:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8qh7-rvp7-2455

CVSS3: 6.1

github

3 месяца назад

Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button.

EPSS

Процентиль: 19%

0.00059

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79