CVE-2025-40977

Publication date

2026-01-12 11:28:01

Family

INCIBE

State

PUBLISHED

Description

Stored Cross-Site Scripting (XSS) vulnerability in WorkDos eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.