XSS in Xcally Omnichannel

CVE-2025-40681

Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' paramet…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (18.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References