Plattform
javascript
Komponente
local-storage-todo-app
Behoben in
1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in Local Storage Todo App versions 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user data and session integrity. The vulnerability resides in the /js-todo-app/index.html file and is triggered by manipulating the 'Add' argument. The issue is resolved in version 1.0.1.
Successful exploitation of CVE-2025-0228 allows an attacker to inject arbitrary JavaScript code into the Local Storage Todo App. This could lead to various malicious actions, including stealing user credentials, redirecting users to phishing sites, or defacing the application's interface. The attacker can initiate the attack remotely, making it a significant risk for users who interact with the application. The impact is amplified if the application handles sensitive data or is integrated with other systems.
This vulnerability has been publicly disclosed. While no active exploitation campaigns have been definitively linked to CVE-2025-0228, the availability of a public exploit increases the risk of opportunistic attacks. The vulnerability is not currently listed on CISA KEV. A public proof-of-concept may be available, further increasing the likelihood of exploitation.
Users of Local Storage Todo App version 1.0 are at risk, particularly those who rely on the application for managing sensitive information or who share hosting environments with other applications. Individuals using the application in a production environment or with access to critical data are especially vulnerable.
disclosure
Exploit-Status
EPSS
0.09% (26% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-0228 is to upgrade to version 1.0.1 of Local Storage Todo App. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the 'Add' argument to prevent malicious code from being injected. While a direct workaround is limited, careful code review of the index.html file can identify potential areas for manual sanitization. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple JavaScript payload via the 'Add' argument and verifying that it is not executed.
Actualizar o desinstalar la aplicación Local Storage Todo App. Debido a que es una aplicación simple, revisar y sanitizar la entrada del usuario en el archivo index.html es crucial para prevenir ataques XSS. Alternativamente, implementar una política de seguridad de contenido (CSP) para mitigar el riesgo.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-0228 is a cross-site scripting (XSS) vulnerability affecting Local Storage Todo App versions 1.0, allowing remote attackers to inject malicious scripts.
Yes, if you are using Local Storage Todo App version 1.0, you are affected by this vulnerability. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1 of Local Storage Todo App. If upgrading is not possible, implement input validation on the 'Add' argument.
While no confirmed active exploitation campaigns are known, the public disclosure and potential availability of a proof-of-concept increase the risk of exploitation.
Refer to the project's official repository or website for the latest advisory and release notes regarding CVE-2025-0228.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.