exploitDog

CVE-2025-63709

Опубликовано: 10 нояб. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.

Ссылки

https://github.com/floccocam-cpu/CVE-Research-2025/tree/main/CVE-2025-63709
Exploit
Mitigation
Third Party Advisory
https://www.sourcecodester.com/php/17897/simple-do-list-system-using-php.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chuck24:simple_to-do_list_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00048

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-4x55-4jgw-65pj

CVSS3: 5.4

github

3 месяца назад

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.

EPSS

Процентиль: 15%

0.00048

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79