Vulnerabilities > Hgiga > Ssr45 Isherlock User

DATE CVE VULNERABILITY TITLE RISK
2021-03-18 CVE-2021-22848 SQL Injection vulnerability in Hgiga products
HGiga MailSherlock contains a SQL Injection.
network
low complexity
hgiga CWE-89
7.5
7.5
2020-12-31 CVE-2020-35851 OS Command Injection vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User
HGiga MailSherlock does not validate specific parameters properly.
network
low complexity
hgiga CWE-78
critical
 10.0
10
2020-12-31 CVE-2020-35743 SQL Injection vulnerability in Hgiga products
HGiga MailSherlock contains a SQL injection flaw.
network
low complexity
hgiga CWE-89
6.5
6.5
2020-12-31 CVE-2020-35742 SQL Injection vulnerability in Hgiga products
HGiga MailSherlock contains a vulnerability of SQL Injection.
network
low complexity
hgiga CWE-89
6.5
6.5
2020-12-31 CVE-2020-35741 Cross-site Scripting vulnerability in Hgiga products
HGiga MailSherlock does not validate user parameters on multiple login pages.
network
hgiga CWE-79
4.3
4.3
2020-12-31 CVE-2020-35740 Cross-site Scripting vulnerability in Hgiga products
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
network
hgiga CWE-79
4.3
4.3
2020-12-31 CVE-2020-25850 Unspecified vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User
The function, view the source code, of HGiga MailSherlock does not validate specific characters.
network
low complexity
hgiga
5.0
5.0
2020-12-31 CVE-2020-25848 Insufficiently Protected Credentials vulnerability in Hgiga products
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
network
low complexity
hgiga CWE-522
critical
 10.0
10