CVE-2023-48104
https://notcve.org/view.php?id=CVE-2023-48104
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. Alinto SOGo 5.8.0 es vulnerable a la inyección de HTML. • https://github.com/E1tex/CVE-2023-48104 https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 https://habr.com/ru/articles/804863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22402
https://notcve.org/view.php?id=CVE-2020-22402
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code. • https://sogo.nu/bugs/view.php?id=4979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4558 – Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting
https://notcve.org/view.php?id=CVE-2022-4558
A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0 https://vuldb.com/?id.215961 • CWE-707: Improper Neutralization •
CVE-2022-4556 – Alinto SOGo Identity SOGoUserDefaults.m _migrateMailIdentities cross site scripting
https://notcve.org/view.php?id=CVE-2022-4556
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. • https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0 https://vuldb.com/?id.215960 • CWE-707: Improper Neutralization •
CVE-2015-5395
https://notcve.org/view.php?id=CVE-2015-5395
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. Existe una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en SOGo en versiones anteriores a la 3.1.0. • http://www.openwall.com/lists/oss-security/2015/07/10/9 https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711 https://lists.debian.org/debian-lts/2016/05/msg00197.html https://security-tracker.debian.org/tracker/CVE-2015-5395 https://sogo.nu/bugs/view.php?id=3246 • CWE-352: Cross-Site Request Forgery (CSRF) •