MEDIUM
Gigtodoscript
CVE published 2026-06-04
CVE-2019-25739
CVE-2019-25739 is a medium-severity vulnerability in GigToDo 1.3, a freelance marketplace script, that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.