Platform
php
Component
task-reminder-system
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Task Reminder System version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. The vulnerability resides within the Maintenance Section, specifically through manipulation of the System Name argument. Affected users should upgrade to version 1.0.1 to mitigate this risk.
Successful exploitation of CVE-2025-0464 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious outcomes, including session hijacking, phishing attacks, and defacement of the application's interface. An attacker could steal sensitive information like user credentials or redirect users to malicious websites. The impact is amplified if the Task Reminder System is used to manage critical tasks or sensitive data, as a compromised administrator account could grant the attacker broad control over the system.
This vulnerability has been publicly disclosed. While the CVSS score is LOW (2.4), the ease of exploitation and potential impact on user data warrant prompt remediation. No known active exploitation campaigns have been reported at the time of this writing, but the public availability of the vulnerability increases the risk of future attacks. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.13% (33rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0464 is to upgrade to version 1.0.1 of the Task Reminder System. This version contains a fix that addresses the vulnerability. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the System Name field within the Maintenance Section to sanitize user-supplied data. While not a complete solution, this can reduce the attack surface. Review and harden the application's security configuration, ensuring proper access controls and regular security audits are performed.
Update to a patched version of the software. If no version is available, it is recommended to disable or remove the 'Maintenance Section' component or apply an input filter to prevent the execution of malicious JavaScript code in the 'System Name' field.
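The two layers named above, output encoding at render time and an input check on save, shown as an added PHP example. This is not the Task Reminder System's own code: the function names, the rendering markup and the constructed sample value are assumptions, chosen only to illustrate why encoding at the output point is the primary fix and input filtering the secondary one.

```php
<?php
// Added example (not from the Task Reminder System): a stored setting such as
// the System Name is saved by an administrator and later rendered into HTML.
// Function names and the sample value below are hypothetical.
declare(strict_types=1);

// Constructed sample: a value an administrator could have saved in the
// System Name field. Markup in it is exactly what an XSS payload relies on.
$storedSystemName = 'Acme Tasks <script>alert(1)</script>';

// Vulnerable pattern: the stored value is interpolated straight into markup,
// so any tags it contains are parsed by the browser as HTML.
function render_system_name_unsafe(string $name): string
{
    return "<h1 class=\"brand\">$name</h1>";
}

// Context-aware encoder for HTML text and attribute values. ENT_QUOTES also
// encodes single quotes, ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, and the charset is stated explicitly.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: encode at the point of output. The same stored value now
// reaches the browser as literal text and is never parsed as markup.
function render_system_name_safe(string $name): string
{
    return '<h1 class="brand">' . html_encode($name) . '</h1>';
}

// Secondary layer, applied when the setting is saved: an allow-list of
// characters that a system name plausibly needs, 1 to 60 characters long.
// This reduces what can be stored but does not replace output encoding,
// because the same value may later be rendered in contexts this check
// was not designed for.
function validate_system_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} .,\'&()-]{1,60}$/u', $name) === 1;
}

// Usage: the unsafe renderer emits the script tag intact, the safe renderer
// emits it as encoded text, and the validator rejects the sample on save.
echo render_system_name_unsafe($storedSystemName), PHP_EOL;
echo render_system_name_safe($storedSystemName), PHP_EOL;
var_dump(validate_system_name($storedSystemName));
var_dump(validate_system_name('Acme Tasks'));
```

The encoder is deliberately a single helper used everywhere the value is printed into HTML; if the setting is also placed inside a JavaScript string or a URL, a different encoder for that context is required, which is the reason the advisory treats the input filter as a partial measure rather than a complete fix.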
CVE-2025-0464 is a cross-site scripting (XSS) vulnerability in Task Reminder System 1.0 that allows attackers to inject malicious scripts via the System Name argument in the Maintenance Section.
Yes, if you are using Task Reminder System version 1.0, you are affected by this vulnerability. Upgrade to version 1.0.1 to resolve the issue.
Upgrade to version 1.0.1 of the Task Reminder System. If immediate upgrade is not possible, implement input validation and output encoding on the System Name field.
No active exploitation campaigns have been reported, but the public disclosure of the vulnerability increases the risk of future attacks.
Refer to the SourceCodester website or their official communication channels for the advisory related to CVE-2025-0464.