CVE-2020-35741
MEDIUM WAF: High
CVSS 6.1
Published: 2020-12-31
CWE-79
HGiga MailSherlock does not validate user-supplied parameters on multiple login pages. Attackers can exploit this vulnerability to inject JavaScript and carry out XSS attacks.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hgiga | msr45_isherlock-antispam | up to 4.5-133 |
| hgiga | msr45_isherlock-user | up to 4.5-120 |
| hgiga | ssr45_isherlock-antispam | up to 4.5-133 |
| hgiga | ssr45_isherlock-user | up to 4.5-120 |
References
- www.twcert.org.tw (Third Party Advisory)