CVE-2026-12580

MEDIUM NVD

CVSS Score 5.4

Severity MEDIUM

Published Jun 22, 2026

Vendor unknown

Description

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

References

https://www.twcert.org.tw/en/cp-139-10981-8617d-2.html
https://www.twcert.org.tw/tw/cp-132-10980-0e640-1.html