Vulnerability Description
HGiga MailSherlock does not validate user-supplied parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript for XSS attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Msr45 Isherlock-Antispam | < 4.5-133 |
| Hgiga | Msr45 Isherlock-User | < 4.5-120 |
| Hgiga | Ssr45 Isherlock-Antispam | < 4.5-133 |
| Hgiga | Ssr45 Isherlock-User | < 4.5-120 |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html (Third Party Advisory)
FAQ
What is CVE-2020-35741?
CVE-2020-35741 is a vulnerability with a CVSS score of 7.0 (HIGH). HGiga MailSherlock does not validate user-supplied parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript for XSS attacks.
How severe is CVE-2020-35741?
CVE-2020-35741 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-35741?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Msr45 Isherlock-Antispam, Hgiga Msr45 Isherlock-User, Hgiga Ssr45 Isherlock-Antispam, Hgiga Ssr45 Isherlock-User.