Filtered by vendor Todoist Subscriptions
Filtered by product Todoist Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-57292 1 Todoist 1 Todoist 2025-09-29 6.1 Medium
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.