CVE-2019-25739 in GigToDoinfo

Summary

by MITRE • 06/04/2026

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/04/2026

Disclosure

06/04/2026

Moderation

accepted

Entry

VDB-368343

CPE

ready

CWE

CWE-79 (confirmed)

Exploit

Download

CVSS

6.4 (CNA)

EPSS

0.00000

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-25739
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-25739
CVE Details	https://www.cvedetails.com/cve/CVE-2019-25739/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!