exploitDog

GHSA-gpr9-62pw-pr5w

Опубликовано: 12 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

Описание

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘reply_description’ parameter.

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘reply_description’ parameter.

Ссылки

EPSS

Процентиль: 16%

0.00052

Низкий

5.1 Medium

CVSS4

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-40978

nvd

27 дней назад

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘reply_description’ parameter.

EPSS

Процентиль: 16%

0.00052

Низкий

5.1 Medium

CVSS4

CVE ID

Дефекты

CWE-79