Vulnerabilities > Hgiga > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-31 | CVE-2020-35741 | Cross-site Scripting vulnerability in Hgiga products HGiga MailSherlock does not validate user parameters on multiple login pages. | 6.1 |
2020-12-31 | CVE-2020-35740 | Cross-site Scripting vulnerability in Hgiga products HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. | 6.1 |
2019-02-11 | CVE-2018-17542 | SQL Injection vulnerability in Hgiga Oaklouds Mailsherlock SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. | 5.3 |