PT-2025-45495 · Sourcecodester · Ai-Powered To-Do List App
Published 2025-11-07 · Updated 2025-11-07 · CVE-2025-63638
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sourcecodester AI-Powered To-Do List App version 1.0
Description
The application is vulnerable to Cross-Site Scripting (XSS). The "Task Title" and "Description (Optional)" fields are not sanitized when a new task is created, so an attacker can inject HTML or JavaScript into them. The injected code then executes in a victim's browser when they click the "Add Task" button. The API endpoint used for task creation is not specified. The vulnerable parameters are Task Title and Description (Optional).
Recommendations
Sourcecodester AI-Powered To-Do List App version 1.0: sanitize user input for the Task Title and Description (Optional) fields to prevent the injection of malicious scripts.
Affected Products
Ai-Powered To-Do List App