CVE-2026-12580
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.
Risk Assessment
Attackers can exploit this vulnerability to steal user data or hijack sessions, posing a serious security threat to the organization.
Recommendation
It is recommended to update EasyFlow .NET to the latest version and implement appropriate security measures against XSS attacks.
Original NVD description (English source)
EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

