CVE-2025-40978 | WorkDo eCommerceGo SaaS POST Request /ticket/x/conversion reply_description cross site scripting

Inserito da Angelo Barbosa | Gen 12, 2026 | CVE

A vulnerability classified as problematic has been found in WorkDo eCommerceGo SaaS. This issue affects some unknown processing of the file /ticket/x/conversion of the component POST Request Handler. This manipulation of the argument reply_description causes cross site scripting.

This vulnerability is registered as CVE-2025-40978. Remote exploitation of the attack is possible. No exploit is available.

CVE-2025-40978 | WorkDo eCommerceGo SaaS POST Request /ticket/x/conversion reply_description cross site scripting

Post correlati

CVE-2023-50868 | Unbound up to 1.19.0 NSEC3 RRSET Response denial of service

CVE-2020-8006 | Circontrol Raption up to 5.11.2 HTTP Header stack-based overflow

CVE-2023-45217 | Intel Power Gadget Software on Windows access control (intel-sa-01037)

CVE-2025-4018 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource missing authentication