CVE-2025-63709 — Cross-site Scripting in Simple To-do List System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 91.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Chuck24 Simple To-do List System

Timeline

PublishedNov 10

Description

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDchuck24/simple_to-do_list_system1.0

🔴Vulnerability Details

CVEList

CVE-2025-63709: A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1↗2025-11-10

▶

GHSA

GHSA-4x55-4jgw-65pj: A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1↗2025-11-10

▶