exploitDog

GHSA-gc2x-hm2m-2mfm

Опубликовано: 12 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

Описание

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.

Ссылки

EPSS

Процентиль: 16%

0.00052

Низкий

5.1 Medium

CVSS4

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-40977

nvd

26 дней назад

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.

EPSS

Процентиль: 16%

0.00052

Низкий

5.1 Medium

CVSS4

CVE ID

Дефекты

CWE-79