Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-63713

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.

Published

2025-11-07T18:15:36.373

Last Modified

2025-11-18T19:33:04.807

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	remyandrade	matching_type_test	1.0	Yes

References

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63713/README7.md Exploit, Mitigation, Third Party Advisory ([email protected])
https://www.sourcecodester.com/javascript/18431/matching-type-test-using-html-css-and-javascript-source-code.html Product ([email protected])