CVE-2025-40681 – Cross-Site Scripting (XSS) in xCally Omnichannel

CVE ID : CVE-2025-40681

Published : 13. November 2025 13:15 | 1 Stunde, 43 Minuten ago

Description : Cross-site Scripting (XSS) vulnerability reflected in xCally’s Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim’s browser by sending them a malicious URL using the ‘failureMessage’ parameter in ‘/login’. This vulnerability can be exploited to steal sentitive user data, such as session cookies , or to perform actions on behalf of the user.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…