Multiple Login Pages in HGiga MailSherlock Lack User Parameter Validation, Allowing for XSS Attacks
CVE-2020-35741 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
Learn more about our User Device Pen Test.