HTML Injection in Isshue from Bdtask Posted Date: 06/11/2025 Identifier: INCIBE-2026-035 Importance: 3 - Medium Affected Resources: Isshue Description: INCIBE has coordinated the publication of a medium-severity vulnerability affecting Isshue by Bdtask, an eCommerce platform. The vulnerability was discovered by Gonzalo Aguilar Garcia (6h4ck). This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type: CVE-2025-40679: CVSS v4.0: 5.1 Solution: No solution has been reported at this time. Detail: CVE-2025-40679: Injection HTML vulnerability in Isshue by Bdtask, consisting of an HTML injection due to a lack of proper validation of user input by sending a POST request.