PT-2025-45497 · Sourcecodester · Medicine Reminder App
Published: 2025-11-07 · Updated: 2025-11-07 · CVE-2025-63640
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Sourcecodester Medicine Reminder App version 1.0
Description
The application is susceptible to Cross-Site Scripting (XSS). An attacker can inject potentially malicious HTML/JavaScript code into the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder". This code executes in the victim's browser when the "Save Reminder" button is clicked. The vulnerable parameters are Medicine Name and Notes (Optional).
Recommendations
Apply input validation and output encoding to the Medicine Name and Notes (Optional) fields to prevent the injection of malicious scripts.
Exploit
Fix
XSS
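One way to apply the recommended input validation and output encoding to the Medicine Name and Notes (Optional) fields, as an added example that is not the application's own code. The field names `medicineName` and `notes`, the length limits, the allow-list and the list markup are assumptions.

```javascript
// Added example: hypothetical field names and markup, not the app's own code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation. Assumed limits (100 / 500 characters) and an assumed
// allow-list for medicine names: letters, digits, space, some punctuation.
function validateReminder({ medicineName, notes = '' }) {
  const errors = [];
  const name = String(medicineName ?? '').trim();
  const note = String(notes ?? '').trim();
  if (name.length === 0 || name.length > 100) {
    errors.push('medicineName: length 1-100 required');
  } else if (!/^[\p{L}\p{N} .,()%\/+-]+$/u.test(name)) {
    errors.push('medicineName: unexpected characters');
  }
  // Notes are free text ("if temp < 38 & after food" is legitimate), so
  // validation only bounds the size; encoding at output is the real control.
  if (note.length > 500) errors.push('notes: at most 500 characters');
  return { ok: errors.length === 0, errors, value: { medicineName: name, notes: note } };
}

// The pattern the advisory describes: field values concatenated into markup.
function renderReminderUnsafe(r) {
  return `<li class="reminder"><strong>${r.medicineName}</strong><p>${r.notes}</p></li>`;
}

// Hardened form: every user-controlled value is encoded where it is written.
function renderReminder(r) {
  return `<li class="reminder"><strong>${escapeHtml(r.medicineName)}</strong>` +
    `<p>${escapeHtml(r.notes)}</p></li>`;
}

// Constructed sample input: a valid name and a markup test string in the notes.
const sample = { medicineName: 'Ibuprofen 200 mg', notes: '<script>alert(1)</script>' };
const checked = validateReminder(sample);
console.log(checked.ok, renderReminder(checked.value));
```

The sample passes validation because notes are free text, which is why the encoding step in `renderReminder` cannot be skipped even when validation is in place.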
Weakness Enumeration
Related Identifiers
Affected Products
Medicine Reminder App