- **CVE ID:** CVE-2025-63714
- **Vulnerability Type:** Cross Site Scripting (XSS)
- **Exploit Details:**
  - The vulnerability was exploited by injecting a script into the Username Prefix field.
  - Unsafe DOM manipulation methods were used to display user-generated content without proper sanitization.
  - A button was created that executes JavaScript when clicked.
- **Reproduction Steps:**
  1. Add an HTML script in the Username Prefix field.
  2. Click the "Generate Accounts" button.
- **Affected Component:**
  - `script.js` (account generation functionality)
  - DOM rendering functions
  - User input handling
- **Attack Type:** Remote
- **Impact:** Code execution (true)
- **Attack Vectors:** Malicious HTML/JavaScript payload in the "Username Prefix" field.
- **Discoverer:** Camilla Flocco
- **Vendor of Product:** SourceCodester
- **Affected Product Code Base:** Modern User Account Generator 1.0
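
The unsafe rendering pattern the advisory describes, next to two hardened forms. This is an added example, not code from the affected `script.js`; the function names, the allow-list rule and the sample prefix are assumptions.

```javascript
// Added example; function names and the allow-list rule are hypothetical.

// Vulnerable pattern: the prefix is concatenated into markup destined for
// element.innerHTML, so tags and event handlers in it become live DOM.
function renderAccountsUnsafe(prefix, count) {
  let html = "";
  for (let i = 1; i <= count; i++) html += "<li>" + prefix + i + "</li>";
  return html;
}

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed input policy: 1-32 characters from A-Z a-z 0-9 _ . -
function isValidPrefix(prefix) {
  return typeof prefix === "string" && /^[A-Za-z0-9_.-]{1,32}$/.test(prefix);
}

function requireValidPrefix(prefix) {
  if (!isValidPrefix(prefix)) throw new RangeError("Username prefix contains disallowed characters");
}

// Hardened string form: validate on input, and still escape on output so the
// renderer stays safe if the validation rule is later loosened.
function renderAccountsEscaped(prefix, count) {
  requireValidPrefix(prefix);
  let html = "";
  for (let i = 1; i <= count; i++) html += "<li>" + escapeHtml(prefix + i) + "</li>";
  return html;
}

// Hardened DOM form: textContent stores the value as text and never parses it.
// `doc` is the page's document; `listEl` is the element that holds the accounts.
function renderAccountsInto(doc, listEl, prefix, count) {
  requireValidPrefix(prefix);
  for (let i = 1; i <= count; i++) {
    const li = doc.createElement("li");
    li.textContent = prefix + i;
    listEl.appendChild(li);
  }
  return listEl;
}

// Constructed sample input: markup carrying an inline event handler.
const SAMPLE_PREFIX = '<button onclick="alert(1)">x</button>';
```

In the browser, call `renderAccountsInto(document, listElement, prefix, count)` from the "Generate Accounts" handler and catch the `RangeError` to show a validation message.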