CVE-2020-35741

Summary

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

Affected Software

VendorProductVersion RangeStatus
HGigaMailSherlock MSR45/SSR45unspecified < 120affected
HGigaMailSherlock MSR45/SSR45unspecified < 133affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References