Unrated severityNVD Advisory· Published Nov 10, 2025· Updated Dec 1, 2025

CVE-2025-63709

Description

A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.

Affected products

SourceCodester/Simple To-Do List Systemdescription
Chuck24/Simple To Do List Systemllm-fuzzy
Range: = 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/floccocam-cpu/CVE-Research-2025/tree/main/CVE-2025-63709mitre
www.sourcecodester.com/php/17897/simple-do-list-system-using-php.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000