CNNVD-202509-4086 Information

CNNVD ID

CNNVD-202509-4086

Related CVE

CVE-2025-57292

• CNNVD Published: 2025-09-26

Description (Chinese)

Todoist是Todoist公司的一个任务管理与待办事项应用。 Todoist v8484版本存在安全漏洞，该漏洞源于头像上传功能未正确验证MIME类型和清理图像元数据，可能导致存储型跨站脚本攻击。

Description (English)

Todoist is a task management and to-do application of Todoist. There is a security loophole in the Todoist v8484 version, which stems from the incorrect authentication of mimetypes and the cleaning of image metadata by the image upload function, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Todoist

Published

2025-09-26

Last Modified

2026-02-24

References

https://github.com/ASencerK/TodoistStoredXSS https://github.com/echoBRT/TodoistStoredXSS