CVE-2025-40975 | WorkDo HRMGo POST Request changereply Description cross site scripting

Inserito da Angelo Barbosa | Gen 12, 2026 | CVE

A vulnerability classified as problematic was found in WorkDo HRMGo. Impacted is an unknown function of the file /hrmgo/ticket/changereply of the component POST Request Handler. Such manipulation of the argument Description leads to cross site scripting.

This vulnerability is documented as CVE-2025-40975. The attack can be executed remotely. There is not any exploit available.

CVE-2025-40975 | WorkDo HRMGo POST Request changereply Description cross site scripting

Post correlati

CVE-2025-14548 | Calendar Plugin up to 1.3.16 on WordPress event_desc cross site scripting

CVE-2024-46816 | Linux Kernel up to 6.10.8 AMD Display amdgpu_dm initialization (36c39a8dcce2/cf8b16857db7)

CVE-2024-7159 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 Telnet Service product.ini hard-coded password

CVE-2023-7210 | OneNav up to 0.9.33 API /index.php X-Token improper authentication