CVE-2025-40977
12.01.2026, 12:16
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to /store-ticket, using the subject and description parameters.