CVE-2019-25316

MEDIUM

GOautodial 4.0 - XSS

Title source: llm

Description

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cakes · textwebappsphp

https://www.exploit-db.com/exploits/47402

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47402

[Various Sources] https://goautodial.org/

[Third Party Advisory] https://www.vulncheck.com/advisories/goautodial-createevent-persistent-cross-site-scripting

Scores

CVSS v3 6.4

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Goautodial/GOautodial 4.0

Published Feb 11, 2026

Tracked Since Feb 18, 2026