Cross-Site Scripting Vulnerability in Sourcecodester Medicine Reminder App
CVE-2025-63640

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 7 November 2025

What is CVE-2025-63640?

The Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is in the 'Medicine Name' and 'Notes (Optional)' fields used when creating an 'Upcoming Reminder'. An attacker can exploit this flaw to inject arbitrary HTML or JavaScript code, which may be executed in the web browser of a user who clicks the 'Save Reminder' button. Successful exploitation could lead to unauthorized actions being performed on behalf of the user, compromising their sensitive information and overall application security.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
