Huan Jun Chan

Name of the Vulnerable Software and Affected Versions: Hexagon HxGN OnCall Dispatch Advantage (Web) version 10.2309.03.00264 Hexagon HxGN OnCall Dispatch Advantage (Mobile) version 10.2402 Description: The issue allows a remote authenticated attacker with access to the Broadcast (Person) functionality to execute arbitrary code due to Cross Site Scripting (XSS). Recommendations: For Hexagon HxGN OnCall Dispatch Advantage (Web) version 10.2309.03.00264, consider restricting access to the Broadcast (Person) functionality until a patch is available. For Hexagon HxGN OnCall Dispatch Advantage (Mobile) version 10.2402, consider restricting access to the Broadcast (Person) functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.