13 matches found
CVE-2026-35601 Vikunja has an iCalendar Property Injection via CRLF in CalDAV Task Output
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar propert...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
EUVD-2025-38293
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
CVE-2025-63638
Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...
PT-2025-45495
Name of the Vulnerable Software and Affected Versions: Sourcecodester AI-Powered To-Do List App version 1.0. Description: The application is susceptible to Cross-Site Scripting (XSS) attacks. Specifically, the "Task Title" and "Description (Optional)" fields are vulnerable when creating a new task. An...
CVE-2025-63638
The CVE-2025-63638 entry corresponds to a Cross-Site Scripting (XSS) vulnerability in Sourcecodester AI-Powered To-Do List App v1.0. According to multiple sources (NVD, Red Hat, ENISA/EUVD, CVE/CVEList, CNNVD), the flaw affects the Task Title and the Description (Optional) fields when creating a ...
CVE-2024-48706
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively...
Cross site scripting
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...
CVE-2022-22109 DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...
Daybyday CRM Cross-Site Scripting Vulnerability
DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. A cross-site scripting vulnerability exists in DayByDay CRM. The vulnerability stems from the title field of a new task in the product...