Multiple Login Pages in HGiga MailSherlock Lack User Parameter Validation, Allowing for XSS Attacks

Multiple Login Pages in HGiga MailSherlock Lack User Parameter Validation, Allowing for XSS Attacks

CVE-2020-35741 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

Learn more about our User Device Pen Test.