CVE-2024-24510

2024-09-0919:15:13

Google

osv.dev

cross site scripting

alinto sogo

5.10.0

mail component

remote code execution

AI Score

7.2

Confidence

High

JSON

Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.

References

book.hacktricks.xyz/pentesting-web/xs-search/css-injection

github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424

security-tracker.debian.org/tracker/CVE-2024-24510

AI Score

7.2

Confidence

High

JSON

Related for OSV:CVE-2024-24510