CVE-2025-57292
Published
CVSS v3: 6.1 MEDIUM
CVSS v2: N/A
Affected: 2 projects
Description
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
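A server-side check for the two gaps the description names, as an added example that is not Todoist's code or part of the CVE record: it identifies the image type from the file content instead of the client-declared MIME type, and rebuilds a PNG without its metadata chunks. The function names, the allowlist and the sample PNG are assumptions constructed for illustration; metadata stripping is shown for PNG only, and other types are refused until a sanitizer is added.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Allowlisted raster types, identified by content rather than by the client's claim.
MAGIC = {"image/png": PNG_SIG, "image/jpeg": b"\xff\xd8\xff", "image/gif": b"GIF8"}
PNG_METADATA = {b"tEXt", b"zTXt", b"iTXt", b"eXIf"}  # free-form text and EXIF chunks

def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, body, CRC32 over type+body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sniff_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    return next((m for m, magic in MAGIC.items() if data.startswith(magic)), None)

def strip_png_metadata(data: bytes) -> bytes:
    """Rebuild the PNG chunk by chunk, dropping metadata and anything after IEND."""
    out, pos = bytearray(PNG_SIG), len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated PNG chunk")
        if data[pos:end] != png_chunk(ctype, data[pos + 8:end - 4]):
            raise ValueError("bad PNG chunk CRC")
        if ctype not in PNG_METADATA:
            out += data[pos:end]
        if ctype == b"IEND":
            return bytes(out)
        pos = end
    raise ValueError("PNG has no IEND chunk")

SANITIZERS = {"image/png": strip_png_metadata}  # other types: add a sanitizer or re-encode

def accept_avatar(declared_mime: str, data: bytes):
    """Return (mime, cleaned bytes); raise ValueError for anything that fails validation."""
    actual = sniff_type(data)
    if actual is None or actual != declared_mime:
        raise ValueError("content does not match the declared, allowed image type")
    if actual not in SANITIZERS:
        raise ValueError("no metadata sanitizer configured for " + actual)
    return actual, SANITIZERS[actual](data)

# Constructed sample: 1x1 grayscale PNG with a text chunk, plus trailing bytes.
SAMPLE_PNG = (PNG_SIG + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + png_chunk(b"tEXt", b"Comment\x00constructed metadata value")
              + png_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + png_chunk(b"IEND", b"")
              + b"constructed trailing bytes")
```

Store the cleaned bytes and serve them with the type returned by `accept_avatar`, not the value the client supplied.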
I discovered a Stored XSS vulnerability on Todoist's platform through the avatar upload feature