HRMGo

CVEs (1)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-40975	WorkDo HRMGo	Med	0.33	—	0.00		Jan 12, 2026	Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter.

CVE-2025-40975MedJan 12, 2026
WorkDo
HRMGo
risk 0.33cvss —epss 0.00
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter.