CVE Catalog

CVE-2026-12580

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

Risk Assessment

Attackers can exploit this vulnerability to steal user data or hijack sessions, posing a serious security threat to the organization.

Recommendation

It is recommended to update EasyFlow .NET to the latest version and implement appropriate security measures against XSS attacks.

Original NVD description (English source)

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS