Vulnerabilities > Hgiga > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2021-22852 | SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0 HGiga EIP product contains SQL Injection vulnerability. | 6.5 |
| 2020-12-31 | CVE-2020-35743 | SQL Injection vulnerability in Hgiga products HGiga MailSherlock contains a SQL injection flaw. | 6.5 |
| 2020-12-31 | CVE-2020-35742 | SQL Injection vulnerability in Hgiga products HGiga MailSherlock contains a vulnerability of SQL Injection. | 6.5 |
| 2020-12-31 | CVE-2020-35741 | Cross-site Scripting vulnerability in Hgiga products HGiga MailSherlock does not validate user parameters on multiple login pages. | 4.3 |
| 2020-12-31 | CVE-2020-35740 | Cross-site Scripting vulnerability in Hgiga products HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. | 4.3 |
| 2020-12-31 | CVE-2020-25850 | Unspecified vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User The function, view the source code, of HGiga MailSherlock does not validate specific characters. | 5.0 |
| 2019-06-03 | CVE-2019-9883 | Cross-Site Request Forgery (CSRF) vulnerability in Hgiga products Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. | 6.8 |
| 2019-06-03 | CVE-2019-9882 | Cross-Site Request Forgery (CSRF) vulnerability in Hgiga products Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. | 6.8 |
| 2019-02-11 | CVE-2018-17542 | SQL Injection vulnerability in Hgiga Oaklouds Mailsherlock SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. | 5.0 |