PT-2026-51288 · Digiwin · Easyflow .Net

Published

2026-06-22

Updated

2026-06-22

CVE-2026-12580

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-12580

Affected Products

Easyflow .Net

PT-2026-51288 · Digiwin · Easyflow .Net

CVE-2026-12580

Weakness Enumeration

Related Identifiers

Affected Products

References · 3