First published: Thu Dec 31 2020
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Hgiga Msr45 Isherlock-antispam | <4.5-133 | |
Hgiga Msr45 Isherlock-user | <4.5-120 | |
Hgiga Ssr45 Isherlock-antispam | <4.5-133 | |
Hgiga Ssr45 Isherlock-user | <4.5-120 | |

Update MailSherlock MSR45/SSR45 Module to: iSherlock-user-4.5-120.i386.rpm, iSherlock-antispam-4.5-133.i386.rpm
CVE-2020-35740 is a vulnerability in the HGiga MailSherlock software that allows attackers to inject JavaScript syntax for XSS attacks.
CVE-2020-35740 has a severity level of 6.1 (high).
Versions up to and excluding 4.5-133 of Hgiga Msr45 Isherlock-antispam and Hgiga Ssr45 Isherlock-antispam, and versions up to and excluding 4.5-120 of Hgiga Msr45 Isherlock-user and Hgiga Ssr45 Isherlock-user are affected.
Attackers can exploit CVE-2020-35740 by injecting JavaScript syntax through specific URL parameters.
To fix CVE-2020-35740, it is recommended to apply the latest patches or updates provided by HGiga for the affected software versions.