Hexagon HxGN OnCall Dispatch Vulnerable to Cross-Site Scripting Allowing Arbitrary Code Execution

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Hexagon HxGN OnCall Dispatch Advantage (Web) version 10.2309.03.00264 and in the Mobile version 10.2402. This vulnerability allows remote authenticated attackers with access to the Broadcast (Person) functionality to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing for the execution of arbitrary code in the context of the user.

Added: Jun 25, 2025, 4:33 PM

Updated: Jun 25, 2025, 5:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hexagon HxGN OnCall Dispatch Vulnerable to Cross-Site Scripting Allowing Arbitrary Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating