No vendor fix or workaround currently provided.
No advisories yet.
Wed, 10 Jun 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 | cvssV3_1 |
Fri, 05 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Gigtodoscript, Gigtodoscript gigtodo | |
| Vendors & Products | Gigtodoscript, Gigtodoscript gigtodo | |
Thu, 04 Jun 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Thu, 04 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects. | |
| Title | GigToDo Freelance Marketplace Script 1.3 Persistent XSS | |
| Weaknesses | CWE-79 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-10T01:23:50.015Z
Reserved: 2026-06-04T11:07:17.017Z
Link: CVE-2019-25739
Updated: 2026-06-04T14:32:47.450Z
Status: Deferred
Published: 2026-06-04T14:16:32.373
Modified: 2026-06-10T02:16:31.907
Link: CVE-2019-25739
No data.
OpenCVE Enrichment
Updated: 2026-06-05T10:07:48Z