CVE-2025-40977
CVE-2025-40977 is a stored Cross-Site Scripting (XSS) vulnerability affecting WorkDo’s eCommerceGo SaaS. The issue stems from insufficient validation of user input in POST requests to /store-ticket, using the fields “subject” and “description.” Affects WorkDo eCommerceGo (exact affected versions ...