Vulnerabilities > Hgiga
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-10 | CVE-2025-2150 | Cross-site Scripting vulnerability in Hgiga C&Cm@Il The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email. | 5.4 |
| 2021-09-15 | CVE-2021-37912 | Unspecified vulnerability in Hgiga Oaklouds Portal 2.0/3.0 The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. | 9.8 |
| 2021-03-18 | CVE-2021-22848 | SQL Injection vulnerability in Hgiga products HGiga MailSherlock contains a SQL Injection. | 9.8 |
| 2021-01-19 | CVE-2021-22852 | SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0 HGiga EIP product contains SQL Injection vulnerability. | 8.8 |
| 2021-01-19 | CVE-2021-22851 | SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0 HGiga EIP product contains SQL Injection vulnerability. | 9.8 |
| 2021-01-19 | CVE-2021-22850 | Missing Authentication for Critical Function vulnerability in Hgiga Oaklouds Portal HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. | 9.8 |
| 2020-12-31 | CVE-2020-35851 | OS Command Injection vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User HGiga MailSherlock does not validate specific parameters properly. | 9.8 |
| 2020-12-31 | CVE-2020-35743 | SQL Injection vulnerability in Hgiga products HGiga MailSherlock contains a SQL injection flaw. | 7.6 |
| 2020-12-31 | CVE-2020-35742 | SQL Injection vulnerability in Hgiga products HGiga MailSherlock contains a vulnerability of SQL Injection. | 7.6 |
| 2020-12-31 | CVE-2020-35741 | Cross-site Scripting vulnerability in Hgiga products HGiga MailSherlock does not validate user parameters on multiple login pages. | 6.1 |