Vulnerabilities > Hgiga > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2020-35741 Cross-site Scripting vulnerability in Hgiga products
HGiga MailSherlock does not validate user parameters on multiple login pages.
network
low complexity
hgiga CWE-79
6.1
2020-12-31 CVE-2020-35740 Cross-site Scripting vulnerability in Hgiga products
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
network
low complexity
hgiga CWE-79
6.1
2019-02-11 CVE-2018-17542 SQL Injection vulnerability in Hgiga Oaklouds Mailsherlock
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
network
low complexity
hgiga CWE-89
5.3