Hgiga: Security Vulnerabilities
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-03-27
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-08-30
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
CVSS Score
9.8
EPSS Score
0.057
Published
2021-09-15
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
CVSS Score
9.8
EPSS Score
0.057
Published
2021-09-15
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.
CVSS Score
7.0
EPSS Score
0.004
Published
2021-03-18
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-01-19
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-01-19
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-01-19
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-31
The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-12-31