CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Doist: >> Todoist >> 8486 Security Vulnerabilities

CVE-2025-63317

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.

CVSS Score

5.4

EPSS Score

0.0

Published

2025-12-01

Page 1

Vulnerabilities

Vulnerable Software

Doist: >> Todoist >> 8486 Security Vulnerabilities

Products

Pricing

Contact Us