Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 10ddcedbf5d5 · 2026-01-12T12:32:27.000Z
GHSA-grxq-cfv6-jw9w GHSA-p9mf-x9hh-r538 GHSA-gc2x-hm2m-2mfm GHSA-gpr9-62pw-pr5w GHSA-vx23-6x2j-vfq4 GHSA-xg52-rc56-qm35
diff --git a/advisories/unreviewed/2023/10/GHSA-grxq-cfv6-jw9w/GHSA-grxq-cfv6-jw9w.json b/advisories/unreviewed/2023/10/GHSA-grxq-cfv6-jw9w/GHSA-grxq-cfv6-jw9w.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-grxq-cfv6-jw9w",
-  "modified": "2024-03-08T18:30:27Z",
+  "modified": "2026-01-12T12:30:27Z",
   "published": "2023-10-13T21:30:21Z",
   "aliases": [
     "CVE-2023-34975"
   ],
-  "details": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n",
+  "details": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later",
   "severity": [
     {
       "type": "CVSS_V3",
diff --git a/advisories/unreviewed/2023/10/GHSA-p9mf-x9hh-r538/GHSA-p9mf-x9hh-r538.json b/advisories/unreviewed/2023/10/GHSA-p9mf-x9hh-r538/GHSA-p9mf-x9hh-r538.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p9mf-x9hh-r538",
-  "modified": "2024-04-04T08:38:25Z",
+  "modified": "2026-01-12T12:30:27Z",
   "published": "2023-10-13T21:30:21Z",
   "aliases": [
     "CVE-2023-34976"
   ],
-  "details": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n",
+  "details": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later",
   "severity": [
     {
       "type": "CVSS_V3",
diff --git a/advisories/unreviewed/2026/01/GHSA-gc2x-hm2m-2mfm/GHSA-gc2x-hm2m-2mfm.json b/advisories/unreviewed/2026/01/GHSA-gc2x-hm2m-2mfm/GHSA-gc2x-hm2m-2mfm.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gc2x-hm2m-2mfm",
+  "modified": "2026-01-12T12:30:28Z",
+  "published": "2026-01-12T12:30:28Z",
+  "aliases": [
+    "CVE-2025-40977"
+  ],
+  "details": "Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40977"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-workdo-products"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T12:16:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-gpr9-62pw-pr5w/GHSA-gpr9-62pw-pr5w.json b/advisories/unreviewed/2026/01/GHSA-gpr9-62pw-pr5w/GHSA-gpr9-62pw-pr5w.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gpr9-62pw-pr5w",
+  "modified": "2026-01-12T12:30:28Z",
+  "published": "2026-01-12T12:30:28Z",
+  "aliases": [
+    "CVE-2025-40978"
+  ],
+  "details": "Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘reply_description’ parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40978"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-workdo-products"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T12:16:07Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-vx23-6x2j-vfq4/GHSA-vx23-6x2j-vfq4.json b/advisories/unreviewed/2026/01/GHSA-vx23-6x2j-vfq4/GHSA-vx23-6x2j-vfq4.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vx23-6x2j-vfq4",
+  "modified": "2026-01-12T12:30:27Z",
+  "published": "2026-01-12T12:30:27Z",
+  "aliases": [
+    "CVE-2025-40976"
+  ],
+  "details": "Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’ parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40976"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-workdo-products"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T12:16:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-xg52-rc56-qm35/GHSA-xg52-rc56-qm35.json b/advisories/unreviewed/2026/01/GHSA-xg52-rc56-qm35/GHSA-xg52-rc56-qm35.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xg52-rc56-qm35",
+  "modified": "2026-01-12T12:30:27Z",
+  "published": "2026-01-12T12:30:27Z",
+  "aliases": [
+    "CVE-2025-40975"
+  ],
+  "details": "Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40975"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-workdo-products"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T12:16:05Z"
+  }
+}
