CVE-2025-10117

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 91.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Simple To-do List SystemChuck24 Simple To-do List System
Timeline
PublishedSep 9

Description

A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an unknown function of the file /fetch_tasks.php of the component Add New Task. Executing manipulation with the input alert('XSS') can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Simple To-Do List System Add New Task fetch_tasks.php cross site scripting2025-09-09
GHSA
GHSA-p8c3-q969-4fvc: A weakness has been identified in SourceCodester Simple To-Do List System 12025-09-09
CVE-2025-10117 (MEDIUM CVSS 5.1) | A weakness has been identified in S | cvebase.io