CVE-2025-63709_CVE-2025-63709

4.6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Description

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.

Basic Information

ID CVE-2025-63709

Source mitre

Published Nov 10, 2025 at 00:00

Modified Nov 18, 2025 at 16:38

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

References

{
    "lastseen": "",
    "description": "A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the \"Add Tasks\" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.",
    "published": "2025-11-10T00:00:00.000Z",
    "modified": "2025-11-18T16:38:09.265Z",
    "type": "cve",
    "title": "CVE-2025-63709",
    "source": "mitre",
    "references": "https://www.sourcecodester.com/php/17897/simple-do-list-system-using-php.html\nhttps://github.com/floccocam-cpu/CVE-Research-2025/tree/main/CVE-2025-63709",
    "id": "CVE-2025-63709",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply