CVEDB API

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.3%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 4.3

References

Products affected by CVE-2020-35740

Hgiga » Msr45 Isherlock-Antispam » Version: 4.5-130

cpe:2.3:a:hgiga:msr45_isherlock-antispam:4.5-130
Hgiga » Msr45 Isherlock-User » Version: 4.5-114

cpe:2.3:a:hgiga:msr45_isherlock-user:4.5-114
Hgiga » Msr45 Isherlock-User » Version: 4.5-115

cpe:2.3:a:hgiga:msr45_isherlock-user:4.5-115
Hgiga » Msr45 Isherlock-User » Version: 4.5-117

cpe:2.3:a:hgiga:msr45_isherlock-user:4.5-117
Hgiga » Msr45 Isherlock-User » Version: 4.5-81

cpe:2.3:a:hgiga:msr45_isherlock-user:4.5-81
Hgiga » Ssr45 Isherlock-Antispam » Version: 4.5-130

cpe:2.3:a:hgiga:ssr45_isherlock-antispam:4.5-130
Hgiga » Ssr45 Isherlock-User » Version: 4.5-114

cpe:2.3:a:hgiga:ssr45_isherlock-user:4.5-114
Hgiga » Ssr45 Isherlock-User » Version: 4.5-115

cpe:2.3:a:hgiga:ssr45_isherlock-user:4.5-115
Hgiga » Ssr45 Isherlock-User » Version: 4.5-117

cpe:2.3:a:hgiga:ssr45_isherlock-user:4.5-117