CVE-2025-2150: HGiga C&Cm@il - Stored Cross-Site Scripting
First published: Mon Mar 10 2025(Updated: )
The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HGiga C&Cm@il |
Remedy
Upadate package Mailk-mail to version 1.0-238 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2150?
CVE-2025-2150 is considered a medium severity vulnerability due to the potential for exploitation through stored cross-site scripting.
How do I fix CVE-2025-2150?
To fix CVE-2025-2150, ensure that your version of HGiga C&Cm@il is updated to the latest patch provided by the vendor.
What type of vulnerability is CVE-2025-2150?
CVE-2025-2150 is a Stored Cross-Site Scripting (XSS) vulnerability that affects emails sent through the HGiga C&Cm@il application.
Who is affected by CVE-2025-2150?
Any user of HGiga C&Cm@il who receives emails with embedded malicious JavaScript is affected by CVE-2025-2150.
What can attackers do with CVE-2025-2150?
Attackers can exploit CVE-2025-2150 by sending emails that execute malicious JavaScript code in the recipient's browser, potentially leading to data theft or session hijacking.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/hgiga
- canonical/hgiga c&cm@il