CVE-2025-63713

MEDIUM

SourceCodester MatchMaster 1.0 - XSS

Title source: llm

Description

Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.

References (2)

Core 2

Core References

Exploit, Mitigation, Third Party Advisory

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63713/README7.md

View Exploit ZIP pw:eip

Product

https://www.sourcecodester.com/javascript/18431/matching-type-test-using-html-css-and-javascript-source-code.html

Scores

CVSS v3 6.1

EPSS 0.0006

EPSS Percentile 17.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

remyandrade/matching_type_test 1.0

Published Nov 07, 2025

Tracked Since Feb 18, 2026