Ai Font Matcher
Approved changes feed: RSS · Atom
cpe:2.3:a:remyandrade:ai_font_matcher:2025-10-10:*:*:*:*:*:*:*
part: a version: 2025-10-10 update: *
| Vendor | Remyandrade (778e90e9-129a-5d15-ad71-c8bb9070dcc5) |
|---|---|
| Product | Ai Font Matcher (0b291173-ba26-5261-baee-4eb3393b4cd0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-63708 |
vulnerable | 2026-06-03 15:09:36.871541 |
Details available
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly sanitized. An attacker can intercept fetch requests to the webfonts endpoint and inject malicious JavaScript payloads through font family names, resulting in session cookie theft, account hijacking, and unauthorized actions performed on behalf of authenticated users. The vulnerability can be exploited by injecting a fetch hook that returns controlled font data containing malicious scripts.
Published: 2025-11-17T00:00:00.000Z
Updated: 2025-11-17T16:31:49.233Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.