CVE-2025-40679

Description

HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

Active

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

Low

Availability (Subsequent System)

None

Affected products

Bdtask / Isshueall versions – all versions

References

MISChttps://www.incibe.es/en/incibe-cert/notices/aviso-sci/html-injection-isshue-bdtask