CVE-2025-40975

Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...

CVE-2025-40975

Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...

CVE-2025-40975 Multiple vulnerabilities in WorkDo products

Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...

CVE-2025-40975

CVE-2025-40975 describes a stored Cross-Site Scripting (XSS) vulnerability in WorkDo’s HRMGo. The issue arises from insufficient validation of user input in the description parameter of a POST to /hrmgo/ticket/changereply, allowing injected scripts to be stored. Root cause: lack of proper input v...

WorkDo HRMGo 跨站脚本漏洞

WorkDo HRMGo is a human resource management platform from WorkDo Inc. in the United States. WorkDo HRMGo suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the subject and description parameters when sending a POST request to /store-ticket,...

PT-2026-1798

Name of the Vulnerable Software and Affected Versions WorkDo HRMGo affected versions not specified Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the /hrmgo/ticket/changereply API...

WorkDo HRMGo 跨站脚本漏洞

WorkDo HRMGo is a human resource management platform from WorkDo, Inc. in the United States. WorkDo HRMGo suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to /hrmgo/ticket/changereply,...