Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alinto sogo vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo prior to 2.2.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
Alinto Sogo
NA
CVE-2023-48104
Alinto SOGo prior to 5.9.1 is vulnerable to HTML Injection.
Alinto Sogo
1 Github repository
NA
CVE-2022-4556
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cr...
Alinto Sogo
NA
CVE-2022-4558
A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initia...
Alinto Sogo
356
VMScore
CVE-2016-6189
Incomplete blacklist in SOGo prior to 2.3.12 and 3.x prior to 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
Alinto Sogo
383
VMScore
CVE-2016-6191
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo prior to 3.1.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.
Alinto Sogo
605
VMScore
CVE-2016-6188
Memory leak in SOGo 2.3.7 allows remote malicious users to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
Alinto Sogo 2.3.7
NA
CVE-2020-22402
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail prior to 4.3.1 allows malicious users to obtain user sensitive information when a user reads an email containing malicious code.
Alinto Sogo Web Mail
605
VMScore
CVE-2015-5395
Cross-site request forgery (CSRF) vulnerability in SOGo prior to 3.1.0.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Alinto Sogo
NA
CVE-2024-34462
Alinto SOGo up to and including 5.10.0 allows XSS during attachment preview.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started