CVE-2025-63714 — MEDIUM (6.1)

Vulnerability Description

Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Remyandrade	Modern User Account Generator	1.0

Related Weaknesses (CWE)

CWE-79

References

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63714/READExploitThird Party Advisory
https://www.sourcecodester.com/javascript/18430/modern-user-account-generator-usProduct

FAQ

What is CVE-2025-63714?

CVE-2025-63714 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via craf...

How severe is CVE-2025-63714?

CVE-2025-63714 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63714?

Check the references section above for vendor advisories and patch information. Affected products include: Remyandrade Modern User Account Generator.