Published: 16/01/2024 Updated: 29/04/2024

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

Alinto SOGo prior to 5.9.1 is vulnerable to HTML Injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alinto sogo

Debian Bug report logs - #1060925 sogo: CVE-2023-48104 Package: src:sogo; Maintainer for src:sogo is Debian SOGo Maintainers <pkg-sogo-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 16 Jan 2024 19:27:01 UTC Severity: important Tags: security, upstream Found in ...

HTML Injection in Alinto/SOGo Web Client

CVE-2023-48104 HTML Injection in Alinto/SOGo Web Client Vendor of Product Alinto Vulnerability Type HTML Injection Affected Versions SOGo Web Mail < 591 Attack Vectors Phishing - In the body of the message, you can inject a malicious form that will send the entered data to the attacker Additional Information The fix to prevent form tag in mail body has been made -&

CWE-79 https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 https://github.com/E1tex/CVE-2023-48104 https://habr.com/ru/articles/804863/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060925 https://nvd.nist.gov https://github.com/E1tex/CVE-2023-48104

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-48104

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect