Description

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button.

INFO

Published Date :

2025-11-07T00:00:00.000Z

Last Modified :

2025-11-07T19:51:24.031Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63638 vulnerability.

Vendors Products
Sourcecodester
  • Ai Powered To Do List App
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63638.

URL Resource
https://github.com/ChuckBartowski7/Vulnerability-Research/tree/main/CVE-2025-63638 cve-icon cve-icon
https://www.sourcecodester.com/javascript/18421/ai-powered-do-list-app-using-html-css-and-javascript-source-code.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System