Platform: php
Component: task-reminder-system
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Task Reminder System version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. The vulnerability resides within the Maintenance Section, specifically through manipulation of the System Name argument. Affected users should upgrade to version 1.0.1 to mitigate this risk.
Successful exploitation of CVE-2025-0464 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious outcomes, including session hijacking, phishing attacks, and defacement of the application's interface. An attacker could steal sensitive information like user credentials or redirect users to malicious websites. The impact is amplified if the Task Reminder System is used to manage critical tasks or sensitive data, as a compromised administrator account could grant the attacker broad control over the system.
This vulnerability has been publicly disclosed. While the CVSS score is LOW (2.4), the ease of exploitation and potential impact on user data warrant prompt remediation. No known active exploitation campaigns have been reported at the time of this writing, but the public availability of the vulnerability increases the risk of future attacks. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations and individuals using the Task Reminder System 1.0, particularly those who rely on it for managing sensitive tasks or data, are at risk. Shared hosting environments where multiple users share the same server instance are also at increased risk, as a compromise of one user's account could potentially impact others.
• wordpress / composer / npm:
grep -r "System Name" /var/www/html/task_reminder_system/
• generic web:
curl -I 'http://your-task-reminder-system/maintenance.php?System%20Name=<script>alert(1)</script>'
Exploit status
EPSS: 0.13% (33rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-0464 is to upgrade to version 1.0.1 of the Task Reminder System. This version contains a fix that addresses the vulnerability. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the System Name field within the Maintenance Section to sanitize user-supplied data. While not a complete solution, this can reduce the attack surface. Review and harden the application's security configuration, ensuring proper access controls and regular security audits are performed.
Update to a patched version of the software. If no patched version is available, it is recommended to disable or remove the 'Maintenance Section' component, or to apply an input filter to prevent the execution of malicious JavaScript code in the 'System Name' field.
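The interim mitigation described above (input validation plus output encoding on the System Name field), shown as an added PHP illustration. This is not code from the Task Reminder System; the function names, the rendered markup and the sample value are assumptions made for the example.

```php
<?php
// Added example, not the project's own code. Names and markup are assumed.

// Validate the submitted System Name: trim it, bound its length and reject
// control characters. Note that this alone does NOT stop XSS, because angle
// brackets and quotes are legitimate characters in a display name.
function validateSystemName(string $input): string {
    $name = trim($input);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        throw new InvalidArgumentException('System Name must be 1-100 characters');
    }
    if (preg_match('/[\x00-\x1F\x7F]/u', $name) === 1) {
        throw new InvalidArgumentException('System Name contains control characters');
    }
    return $name;
}

// Encode for an HTML text node or quoted attribute value. ENT_QUOTES covers
// both quote styles so the value is safe inside value="..." as well as in
// body text; ENT_SUBSTITUTE avoids returning an empty string on bad UTF-8.
function encodeForHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the stored setting is interpolated straight into the
// page, so any markup in it is interpreted by the browser.
function renderVulnerable(string $systemName): string {
    return "<h1>$systemName</h1>\n<input name=\"system_name\" value=\"$systemName\">";
}

// Hardened pattern: every interpolation of the setting goes through the
// encoder, in both the text-node and the attribute context.
function renderHardened(string $systemName): string {
    $safe = encodeForHtml($systemName);
    return "<h1>$safe</h1>\n<input name=\"system_name\" value=\"$safe\">";
}

// Constructed sample value containing a tag and quotes; it passes validation,
// which is exactly why encoding at output time is the control that matters.
$stored = validateSystemName('Acme <b>Tasks</b> "HQ"');

echo renderVulnerable($stored), "\n"; // tag and quotes reach the browser unchanged
echo renderHardened($stored), "\n";   // tag and quotes are entity-encoded and render as text
```

The same encoder must be applied everywhere the setting is rendered, including page titles and JavaScript string literals, where a different encoding (JSON encoding) is required.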
CVE-2025-0464 is a cross-site scripting (XSS) vulnerability in Task Reminder System 1.0 that allows attackers to inject malicious scripts via the System Name argument in the Maintenance Section.
Yes, if you are using Task Reminder System version 1.0, you are affected by this vulnerability. Upgrade to version 1.0.1 to resolve the issue.
Upgrade to version 1.0.1 of the Task Reminder System. If immediate upgrade is not possible, implement input validation and output encoding on the System Name field.
No active exploitation campaigns have been reported, but the public disclosure of the vulnerability increases the risk of future attacks.
Refer to the SourceCodester website or their official communication channels for the advisory related to CVE-2025-0464.