CVE-2025-40642

Publication date

2025-09-08 11:25:15

Family

INCIBE

State

PUBLISHED

Description

Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the q and engine request parameters in /search.