EUVD-2020-23397

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

HGiga MailSherlock fails to validate user parameters, allowing XSS injection via multiple login pages.

Reporter	Title	Published	Views	Family All 6
CNNVD	HGiga MailSherlock 跨站脚本漏洞	31 Dec 202000:00	–	cnnvd
CNVD	HGiga MailSherlock Cross-Site Scripting Vulnerability	4 Jan 202100:00	–	cnvd
CVE	CVE-2020-35741	31 Dec 202007:45	–	cve
Cvelist	CVE-2020-35741 HGiga MailSherlock - XSS -2	31 Dec 202007:45	–	cvelist
NVD	CVE-2020-35741	31 Dec 202008:15	–	nvd
Prion	Hardcoded credentials	31 Dec 202008:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "4b7c9d34-ddfc-3f95-b183-f5057fdb1a94",
        "vendor": {
          "name": "Hgiga"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0190e8fd-3155-34c0-b0f0-d86dc8914038",
        "product": {
          "name": "MailSherlock MSR45/SSR45"
        },
        "product_version": "unspecified <133"
      },
      {
        "id": "f9a1dcdf-8bea-3cb5-bee6-47d8866360f1",
        "product": {
          "name": "MailSherlock MSR45/SSR45"
        },
        "product_version": "unspecified <120"
      }
    ]
  }
]

Source	Link
twcert	www.twcert.org.tw/tw/cp-132-4260-ba376-1.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.1 - 7

CVSS 24.3

EPSS0.00294