CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Doist: >> Todoist Security Vulnerabilities

CVE-2025-57292

Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.

CVSS Score

6.1

EPSS Score

0.0

Published

2025-09-26

Page 1

Vulnerabilities

Vulnerable Software

Doist: >> Todoist Security Vulnerabilities

Products

Pricing

Contact Us