XSS in Xcally Omnichannel
CVE-2025-40681
Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' paramet…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (18.3th percentile) — read the EPSS interpretation.
Affected products
- Xcally Omnichannel — versions 3.30.1