CVE-2020-35741 HIGH

CVE-2020-35741: HGiga MailSherlock - XSS -2

Vendor Hgiga

Product MailSherlock MSR45/SSR45

Weakness CWE-79 · XSS

Published December 31, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

Key dates

02Disclosure timeline

December 31, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-35741 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-4165 Worksuite HR, CRM and Project Management create cross site scripting CVE-2026-24833 DotNetNuke.Core Vulnerable to Stored XSS in Module Description CVE-2023-6880 Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-15000 Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter CVE-2023-6701 Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

Identifiers

CVE CVE-2020-35741

CWE CWE-79

CVSS 7.0 / HIGH

Affected versions

Vendor Hgiga

Product MailSherlock MSR45/SSR45

Affected ≥ unspecified and < 120

Vendor Hgiga

Product MailSherlock MSR45/SSR45

Affected ≥ unspecified and < 133