Filtered by vendor Gigtodoscript
Subscriptions
Filtered by product Gigtodo
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25739 | 1 Gigtodoscript | 1 Gigtodo | 2026-06-05 | 6.4 Medium |
| GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects. | ||||
Page 1 of 1.