CVE-2025-2150

HGiga C&Cm@il - Stored Cross-Site Scripting

CVSS 5.4 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected products

HGiga · C&Cm@il

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/en/cp-139-10005-05e0f-2.html https://www.twcert.org.tw/tw/cp-132-10004-99474-1.html