← back
CVE-2025-2150

HGiga C&Cm@il - Stored Cross-Site Scripting

CVSS 5.4 MEDIUMEPSS 0.2%CWE-79
The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
HGiga · C&Cm@il

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-10005-05e0f-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10004-99474-1.html