{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2150", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2025-03-10T06:22:23.896Z", "datePublished": "2025-03-10T07:12:22.552Z", "dateUpdated": "2025-03-10T15:34:31.590Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "MailK-mail", "product": "C&Cm@il", "vendor": "HGiga", "versions": [{"lessThan": "1.0-238", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-03-10T07:09:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email."}], "value": "The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2025-03-10T07:12:22.552Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10004-99474-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10005-05e0f-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upadate package Mailk-mail to version 1.0-238 or later."}], "value": "Upadate package Mailk-mail to version 1.0-238 or later."}], "source": {"advisory": "TVN-202503001", "discovery": "EXTERNAL"}, "title": "HGiga C&Cm@il - Stored Cross-Site Scripting", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T15:34:19.659333Z", "id": "CVE-2025-2150", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T15:34:31.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2150", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T15:34:19.659333Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T15:34:28.394Z"}}], "cna": {"title": "HGiga C&Cm@il - Stored Cross-Site Scripting", "source": {"advisory": "TVN-202503001", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HGiga", "product": "C&Cm@il", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0-238", "versionType": "custom"}], "packageName": "MailK-mail", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upadate package Mailk-mail to version 1.0-238 or later.", "supportingMedia": [{"type": "text/html", "value": "Upadate package Mailk-mail to version 1.0-238 or later.", "base64": false}]}], "datePublic": "2025-03-10T07:09:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10004-99474-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10005-05e0f-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.", "supportingMedia": [{"type": "text/html", "value": "The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2025-03-10T07:12:22.552Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2150", "state": "PUBLISHED", "dateUpdated": "2025-03-10T15:34:31.590Z", "dateReserved": "2025-03-10T06:22:23.896Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2025-03-10T07:12:22.552Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hgiga:c\\&cm\\@il:-:*:*:*:*:*:*:*", "matchCriteriaId": "177F8E98-5F0D-4D4C-9386-8FDC6614AF5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email."}, {"lang": "es", "value": "El C&Cm@il de HGiga tiene una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado, que permite a atacantes remotos con privilegios regulares enviar correos electr\u00f3nicos que contienen c\u00f3digo JavaScript malicioso, que se ejecutar\u00e1 en el navegador del destinatario cuando vea el correo electr\u00f3nico."}], "id": "CVE-2025-2150", "lastModified": "2025-03-24T14:06:07.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-03-10T08:15:11.917", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10005-05e0f-2.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10004-99474-1.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}