Cross-Site Scripting Vulnerability in SourceCodester Simple To-Do List System
CVE-2025-63709

Currently unrated

Key Information:

CVE Published: 10 November 2025

What is CVE-2025-63709?

A Cross-Site Scripting (XSS) vulnerability in SourceCodester's Simple To-Do List System 1.0 allows authenticated users to inject malicious HTML or JavaScript code through the 'Add Tasks' text input. The lack of proper output sanitization and encoding means that any injected scripts can be stored and executed in the browsers of other users who access the affected tasks, potentially compromising their data and security.

Timeline

  • Vulnerability published

  • Vulnerability Reserved