CVE-2025-44206
MEDIUMHexagon HxGN OnCall Dispatch Advantage - Authenticated Stored Cross-Site Scripting via Broadcast Person Functionality
Title source: llmDescription
Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage (Mobile) v10.2402 are vulnerable to Cross Site Scripting (XSS) which allows a remote authenticated attacker with access to the Broadcast (Person) functionality to execute arbitrary code.
References (2)
Core 2
Core References
Various Sources
https://hexagon.com/products/hxgn-oncall-dispatch/
Scores
CVSS v3
4.6
EPSS
0.0025
EPSS Percentile
16.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Published
Jun 25, 2025
Tracked Since
Feb 18, 2026