Medium severityNVD Advisory· Published Nov 13, 2025· Updated Apr 15, 2026
CVE-2025-40681
CVE-2025-40681
Description
Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal sentitive user data, such as session cookies , or to perform actions on behalf of the user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=3.30.1+ 1 more
- (no CPE)range: <=3.30.1
- (no CPE)range: = 3.30.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.