36 matches found
CVE-2025-40976
Stored Cross-Site Scripting XSS vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...
CVE-2025-40977
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
CVE-2025-40975
Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...
CVE-2025-40978
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...
CVE-2025-40978
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...
CVE-2025-40977
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
CVE-2025-40976
Stored Cross-Site Scripting XSS vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...
CVE-2025-40975
Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...
CVE-2025-40978 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...
CVE-2025-40978
WorkDo eCommerceGo SaaS is affected by a Stored Cross-Site Scripting (XSS) vulnerability. The issue stems from insufficient validation of user input delivered via a POST to /ticket/x/conversion using the reply_description parameter, enabling stored XSS. The Red Hat/CIRCL/CNNVD entries corroborate...
CVE-2025-40978 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...
CVE-2025-40977
CVE-2025-40977 is a stored Cross-Site Scripting (XSS) vulnerability affecting WorkDo’s eCommerceGo SaaS. The issue stems from insufficient validation of user input in POST requests to /store-ticket, using the fields “subject” and “description.” Affects WorkDo eCommerceGo (exact affected versions ...
CVE-2025-40977 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
CVE-2025-40977 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
CVE-2025-40976 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...
CVE-2025-40976
The CVE-2025-40976 entry concerns WorkDo’s TicketGo SaaS with a stored XSS flaw arising from insufficient input validation on the description field when a POST is sent to /ticketgo-saas/home. Affected component: TicketGo (WorkDo). Root cause: lack of proper validation of user-supplied data in the...
CVE-2025-40976 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter...
CVE-2025-40975 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...
CVE-2025-40975 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting XSS vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...
CVE-2025-40975
CVE-2025-40975 describes a stored Cross-Site Scripting (XSS) vulnerability in WorkDo’s HRMGo. The issue arises from insufficient validation of user input in the description parameter of a POST to /hrmgo/ticket/changereply, allowing injected scripts to be stored. Root cause: lack of proper input v...