GHSA-cq5r-qcj6-fvc9MediumCVSS 6.4
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated...
🔗 CVE IDs covered (1)
📋 Description
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2019-25739
- https://codecanyon.net/item/gigtodo-freelance-marketplace-script/23855397
- https://www.exploit-db.com/exploits/47185
- https://www.gigtodoscript.com
- https://www.vulncheck.com/advisories/gigtodo-freelance-marketplace-script-persistent-xss
- https://github.com/advisories/GHSA-cq5r-qcj6-fvc9