CVE-2025-63709

Published: Nov 10, 2025

Modified: Dec 1, 2025

PUBLISHED

Description

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.sourcecodester.com/php/17897/simple-do-list-system-using-php.html

https://github.com/floccocam-cpu/CVE-Research-2025/tree/main/CVE-2025-63709

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63709

Description

Affected Products

References