GHSA-cq5r-qcj6-fvc9MediumCVSS 6.4

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated...

Published
June 4, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

📋 Description

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.

🔗 References (6)