CVE-2025-40978

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...

CVE-2025-40978

WorkDo eCommerceGo SaaS is affected by a Stored Cross-Site Scripting (XSS) vulnerability. The issue stems from insufficient validation of user input delivered via a POST to /ticket/x/conversion using the reply_description parameter, enabling stored XSS. The Red Hat/CIRCL/CNNVD entries corroborate...

CVE-2025-40978 Multiple vulnerabilities in WorkDo products

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...

WorkDo HRM SaaS HR and Payroll Tool 跨站脚本漏洞

WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. WorkDo HRM SaaS HR and Payroll Tool suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the replydescription parameter when sending a POST request ...

PT-2026-1801

Name of the Vulnerable Software and Affected Versions WorkDo eCommerceGo SaaS affected versions not specified Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the ''/ticket/x/conversion''...