CVE-2025-2150

MEDIUM

HGiga C&Cm@il - Stored Cross-Site Scripting via Email Content

Title source: llm
STIX 2.1

Description

The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10004-99474-1.html
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/en/cp-139-10005-05e0f-2.html

Scores

CVSS v3 5.4
EPSS 0.0024
EPSS Percentile 14.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
hgiga/c\&cm\@il
Published Mar 10, 2025
Tracked Since Feb 18, 2026