eCommerceGo SaaS

CVEs (2)

• CVE-2025-40978MedJan 12, 2026
  WorkDo

  eCommerceGo SaaS
  risk 0.33cvss —epss 0.00

  Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘reply_description’ parameter.

• CVE-2025-40977MedJan 12, 2026
  WorkDo

  eCommerceGo SaaS
  risk 0.33cvss —epss 0.00

  Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.