Hgiga Ssr45 Isherlock-user — known CVE vulnerabilities
Every CVE whose affected-product data names Hgiga Ssr45 Isherlock-user, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2020-25848 — CVSS 9.8 (critical): HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
CVE-2020-25850 — CVSS 8.1 (high): The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to…
CVE-2020-35851 — CVSS 8.1 (high): HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks…
CVE-2020-35742 — CVSS 7.0 (high): HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
CVE-2020-35743 — CVSS 7.0 (high): HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
CVE-2021-22848 — CVSS 7.0 (high): HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email…
CVE-2020-35740 — CVSS 7.0 (high): HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
CVE-2020-35741 — CVSS 7.0 (high): HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript…