{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T04:17:15.556","vulnerabilities":[{"cve":{"id":"CVE-2020-35741","sourceIdentifier":"twcert@cert.org.tw","published":"2020-12-31T08:15:13.660","lastModified":"2024-11-21T05:27:59.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks."},{"lang":"es","value":"HGiga MailSherlock no comprueba los parámetros de usuario en múltiples páginas de inicio de sesión. Unos atacantes pueden usar la vulnerabilidad para inyectar la sintaxis de JavaScript para ataques de tipo XSS."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:msr45_isherlock-antispam:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5-133","matchCriteriaId":"2E5B5E25-BC65-49E2-9865-9BC9A4DE98F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:msr45_isherlock-user:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5-120","matchCriteriaId":"F203F7FA-9E30-49AD-956C-5E893B1264A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:ssr45_isherlock-antispam:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5-133","matchCriteriaId":"DAAA3F24-7821-4F5A-A64E-EEA30B269DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:ssr45_isherlock-user:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5-120","matchCriteriaId":"BE0FEDEB-2C43-4C45-800A-9323146DC214"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}