CVE-2025-63638

Medium CVSS: 6.1

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.

Vendor

Remyandrade

Product

Ai-powered To-do List App

CWE

CWE-79

Yayın Tarihi

2025-11-07 20:15:37

Güncelleme

2025-11-17 18:46:06

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Ai-powered To-do List App MEDIUM Remyandrade 2025

Referanslar

https://github.com/ChuckBartowski7/Vulnerability-Research/tree/main/CVE-2025-63638 https://www.sourcecodester.com/javascript/18421/ai-powered-do-list-app-using-html-css-and-javascript-source-code.html

Benzer Kayıtlar

Medium

CVE-2026-3695

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the fi…

Medium

CVE-2026-3302

A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown f…

Medium

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function fil…

Medium

CVE-2026-3070

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknow…

Critical

CVE-2025-70457

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/up…

Medium

CVE-2025-70458

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sou…