Todoist · Todoist · CVE-2025-57292
**Name of the Vulnerable Software and Affected Versions**
Todoist version 8484
**Description**
During avatar uploads, the application does not properly validate the MIME type or sanitize image metadata, which leads to a stored cross-site scripting (XSS) issue. This allows for the execution of malicious scripts.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability.
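
A server-side check for the class of flaw described above, given as an added example (it is not Todoist's code and does not describe its fix). It assumes a PNG-only avatar policy, accepts an upload only when the declared MIME type and the magic bytes agree, and rebuilds the file from rendering chunks so text and EXIF metadata are dropped. The names `sanitize_png_avatar`, `RejectedUpload`, `png_chunk` and `build_sample_png` are hypothetical, and the sample image is constructed.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Chunks needed to render the image; tEXt, iTXt, zTXt, eXIf and the rest are dropped.
KEEP_CHUNKS = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}

class RejectedUpload(ValueError):
    """Raised when an avatar upload fails validation."""

def sanitize_png_avatar(data: bytes, declared_mime: str) -> bytes:
    """Return a copy of a PNG upload that keeps only rendering chunks."""
    # The client-supplied Content-Type must agree with the file's magic bytes.
    if declared_mime != "image/png" or not data.startswith(PNG_MAGIC):
        raise RejectedUpload("declared type and file content are not both PNG")
    out, pos = [PNG_MAGIC], len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        body = data[pos + 8:end - 4]
        stored_crc = int.from_bytes(data[end - 4:end], "big")
        if end > len(data) or zlib.crc32(ctype + body) != stored_crc:
            raise RejectedUpload("truncated chunk or bad CRC")
        if len(out) == 1 and ctype != b"IHDR":
            raise RejectedUpload("first chunk is not IHDR")
        if ctype in KEEP_CHUNKS:
            out.append(data[pos:end])
        if ctype == b"IEND":
            return b"".join(out)  # bytes appended after IEND are discarded
        pos = end
    raise RejectedUpload("no IEND chunk: truncated or malformed PNG")

def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, body, CRC."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample_png(comment: bytes) -> bytes:
    """Constructed 1x1 grayscale PNG carrying a tEXt comment (demo input)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    return (PNG_MAGIC + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"tEXt", b"Comment\x00" + comment)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))
```

Serving the stored file with a fixed `Content-Type: image/png` and `X-Content-Type-Options: nosniff` complements this check.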