Submit #645597: SourceCodester Simple To-Do List System 1.0 Cross Site Scripting

Title: SourceCodester Simple To-Do List System 1.0 Cross Site Scripting

Description: The system contains a critical Stored Cross-Site Scripting (XSS) vulnerability. Its root cause is the application's failure to sanitize or escape user-supplied task content. When an attacker enters JavaScript such as <script>alert('XSS')</script> into the "Enter task..." field of the "Add New Task" pop-up window and saves it, the payload is stored unchanged in the website's database. Subsequently, whenever any user opens the application's main page, the system loads every task from the database and renders the unfiltered content directly into the page. The browser interprets the stored markup as legitimate script, so the attack persists and affects every visitor. An attacker can use this to steal users' session cookies, manipulate page content, redirect users to malicious websites, or perform unauthorized actions on the user's behalf.

Source: https://github.com/chen2496088236/CVE/issues/11

User: 111ctx (UID 89466)

Submission: 09/02/2025 02:49 (9 months ago)

Moderation: 09/08/2025 16:40 (7 days later)

Status: Accepted

VulDB entry: 323087 [SourceCodester Simple To-Do List System 1.0 Add New Task /fetch_tasks.php cross site scripting]

Points: 20
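The defect described above is an output-encoding failure in the rendering path. The following added example is not code from the Simple To-Do List System; it contrasts the unsafe pattern (stored task text echoed straight into HTML) with a hardened renderer that encodes the value first. The function names and the sample rows are assumptions; the <script> payload is the one quoted in the report.

```php
<?php
// Added example, not the project's own code. The task rows below are
// constructed to stand in for the result of the SELECT in a fetch script
// such as /fetch_tasks.php.

/**
 * Vulnerable pattern: stored content is interpolated into HTML unchanged,
 * so a <script> saved in the "Enter task..." field runs in every visitor's
 * browser. Kept here only to show what the hardened version replaces.
 */
function render_task_vulnerable(string $task): string
{
    return "<li>" . $task . "</li>";
}

/**
 * Hardened pattern: encode at the point of output. ENT_QUOTES escapes both
 * ' and " so the value is also safe inside attribute values; ENT_SUBSTITUTE
 * replaces invalid UTF-8 instead of silently dropping the whole task.
 */
function render_task_safe(string $task): string
{
    $encoded = htmlspecialchars($task, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<li>" . $encoded . "</li>";
}

// Constructed rows (hypothetical), including the payload from the report.
$tasks = [
    ['task' => 'Buy milk'],
    ['task' => "<script>alert('XSS')</script>"],
];

// Defence in depth: a restrictive CSP keeps inline script from executing
// even if an encoding gap remains somewhere else in the application.
header("Content-Security-Policy: script-src 'self'");

echo "<ul>" . PHP_EOL;
foreach ($tasks as $row) {
    // Every task goes through the encoder; the <script> row is rendered as
    // visible text rather than being parsed as a script element.
    echo render_task_safe($row['task']) . PHP_EOL;
}
echo "</ul>" . PHP_EOL;
```

If the fetch endpoint returns JSON and a client script builds the list, the same rule applies at the point of insertion: assign the task to textContent (or encode it) rather than writing it into innerHTML.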
