CVE-2025-44206

MEDIUM

Hexagon HxGN OnCall Dispatch Advantage - Authenticated Stored Cross-Site Scripting via Broadcast Person Functionality

Title source: llm
STIX 2.1

Description

Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage (Mobile) v10.2402 are vulnerable to Cross Site Scripting (XSS) which allows a remote authenticated attacker with access to the Broadcast (Person) functionality to execute arbitrary code.

Scores

CVSS v3 4.6
EPSS 0.0025
EPSS Percentile 16.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Jun 25, 2025
Tracked Since Feb 18, 2026