## Key Information about Vulnerability CVE-2025-63713

### Vulnerability Type

- Cross Site Scripting (XSS)

### Additional Information

- The vulnerability was successfully exploited using the following payload: `test`
- The application inconsistently uses `innerHTML` and `textContent` in the custom test creation workflow, allowing HTML/JavaScript injection.
- Attack requires the attacker to trick the victim into completing a maliciously crafted matching test.

### Reproduction Steps

1. Open the Matching Type Test application (no authentication required).
2. Enter a test title and left/right items, injecting the payload into the `Test Title, Left item, or Right item` input fields. Create the test and click `Check Answers`. This will generate a `test` button in the matching interface.
3. When the user clicks the generated `test` button, the injected `onclick` handler executes (triggering an alert in the PoC).

### Affected Components

- `script.js` - `createCustomTest()` function, `createItemElement()` function, and the `matching-area` DOM element where test content is injected and rendered.

### Attack Type

- Remote

### Affects Code Execution

- Yes

### Attack Vector

- To exploit this vulnerability, the attacker must craft a custom test by injecting malicious HTML/JavaScript payload into the `Test Title, Left item, or Right item` input fields. The payload is executed when the malicious content is rendered in the matching interface after completing the matching exercise.

### Discoverer

- Camilla Flocco

### References

- [Link](https://www.sourcecodester.com/javascript/18431/matching-type-test-using-html-css-and-javascript-source-code.html)

### Product Vendor

- SourceCodester

### Affected Product Codebase

- Matching Type Test 1.0 using HTML, CSS, and JavaScript

### Recommended Mitigation

- Treat all user-supplied input as untrusted and sanitize or encode it before inserting into the DOM.
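
The sketch below is an added example, not the vendor's `script.js`: it puts the `innerHTML` pattern described above beside a `textContent` version and an encoder for values that must pass through a template. The function signatures, the `doc` parameter, the class names, `renderMatchingArea()` and the sample input are assumptions made for illustration.

```javascript
// Added example, not the project's script.js: signatures and class names are assumptions.
// `doc` is the page's `document`, passed in so the functions can be exercised anywhere.

// Vulnerable pattern: the string is parsed as markup, so tags and on* attributes go live.
function createItemElementUnsafe(doc, text) {
  const item = doc.createElement('div');
  item.className = 'item';
  item.innerHTML = text;
  return item;
}

// Hardened: the string becomes a text node and is displayed literally.
function createItemElement(doc, text) {
  const item = doc.createElement('div');
  item.className = 'item';
  item.textContent = String(text);
  return item;
}

// Where a template must go through innerHTML, encode every user value first.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Builds the title markup with the user-supplied title encoded.
function renderTitleHtml(title) {
  return `<h2 class="test-title">${escapeHtml(title)}</h2>`;
}

// Fills the matching area using only text-safe nodes for all three input fields.
function renderMatchingArea(doc, area, title, leftItems, rightItems) {
  area.textContent = ''; // clear previous content without parsing anything
  const heading = doc.createElement('h2');
  heading.textContent = String(title);
  area.appendChild(heading);
  for (const text of [...leftItems, ...rightItems]) {
    area.appendChild(createItemElement(doc, text));
  }
  return area;
}

// Constructed sample input carrying markup (not the payload from the advisory).
const SAMPLE_INPUT = '<b onclick="handler()">Paris</b>';
console.log(renderTitleHtml(SAMPLE_INPUT));
```

Applying the same treatment to the title, left items and right items matters here because the advisory attributes the flaw to `innerHTML` and `textContent` being mixed within one workflow.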