PT-2026-1801 · Unknown · Workdo Ecommercego
Published: 2026-01-12 · Updated: 2026-01-12
CVE-2025-40978
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
WorkDo eCommerceGo SaaS (affected versions not specified)
Description
A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the '/ticket/x/conversion' API endpoint, specifically utilizing the reply description parameter. This allows for the injection of malicious scripts.
Recommendations
Ensure proper validation and sanitization of user input for the reply description parameter in the '/ticket/x/conversion' API endpoint.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Workdo Ecommercego