CVE-2025-63317 | Todoist SVG File Parser /api/v1/uploads cross site scripting

December 1, 2025 Yanac

A vulnerability was found in Todoist. It has been classified as problematic. The affected element is an unknown function of the file /api/v1/uploads of the component SVG File Parser. Performing manipulation results in cross site scripting.

This vulnerability was named CVE-2025-63317. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More

CVE-2025-66308 | grav up to 1.10.x Admin Plugin /admin/config/site cross site scripting (GHSA-gqxx-248x-g29f)
CVE-2025-65622 | Snipe-IT up to 8.3.3 Country cross site scripting