Medium severity5.4NVD Advisory· Published Jun 4, 2026· Updated Jun 10, 2026
CVE-2019-25739
CVE-2019-25739
Description
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.3
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.