Lucene search

16 matches found

UbuntuCve
added 2026/05/13 7:17 p.m. | 6 views

CVE-2026-8496

A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1 CVSS | 5.9 AI score | 0.00049 EPSS
Exploits 0 | References 5

OSV
added 2026/05/13 7:17 p.m. | 3 views

UBUNTU-CVE-2026-8496

A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1 CVSS | 6 AI score | 0.00049 EPSS
Exploits 0 | References 6

Vulnrichment
added 2026/05/13 6:2 p.m. | 3 views

CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7

A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6 AI score | 0.00049 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/05/13 6:2 p.m. | 3 views

CVE-2026-8496

A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation file allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1 CVSS | 6 AI score | 0.00049 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/10/25 6:17 a.m. | 6 views

CVE-2025-9158

The Request Tracker software is vulnerable to a Stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...

5.3 CVSS | 6.4 AI score | 0.0015 EPSS
Exploits 0 | References 1

CNNVD
added 2025/10/25 12:0 a.m. | 2 views

Request Tracker Security Vulnerability

Request Tracker is an issue and work order tracking system from Request Tracker, Inc. A security vulnerability exists in Request Tracker versions 5.0.4 through 5.0.8 and 6.0.0 through 6.0.1, which stems from a failure of the calendar invitation parsing feature to clean up HTML, which could lead t...

5.3 CVSS | 5.7 AI score | 0.0015 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/10/24 6:0 a.m. | 1 views

CVE-2025-9158 Stored XSS in Request Tracker

The Request Tracker software is vulnerable to a Stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...

5.3 CVSS | 6.2 AI score | 0.0015 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/10/24 12:0 a.m. | 2 views

FreeBSD : RT -- XSS via calendar invitations (269c2de7-afaa-11f0-b4c8-792b26d8a051)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 269c2de7-afaa-11f0-b4c8-792b26d8a051 advisory. Mateusz Szymaniec and CERT Polska Reports: RT is vulnerable to XSS via calendar invitations added to a...

5.3 CVSS | 5.5 AI score | 0.0015 EPSS
Exploits 0 | References 3

FreeBSD
added 2025/10/23 12:0 a.m. | 4 views

RT -- XSS via calendar invitations

Mateusz Szymaniec and CERT Polska Reports: RT is vulnerable to XSS via calendar invitations added to a ticket. Thanks to Mateusz Szymaniec and CERT Polska for reporting this finding...

5.3 CVSS | 6.3 AI score | 0.0015 EPSS
Exploits 0 | References 1

Debian
added 2025/10/22 8:43 p.m. | 7 views

[SECURITY] [DSA 6031-1] request-tracker5 security update

Debian Security Advisory DSA-6031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq -...

5.3 CVSS | 7.1 AI score | 0.0015 EPSS
Exploits 0

CNNVD
added 2023/03/27 12:0 a.m. | 1 views

Apple iPhone Input Validation Error Vulnerability

The Apple iPhone is a smartphone from Apple, an American company. The Apple iPhone suffers from an input validation error vulnerability that stems from maliciously crafted calendar invitations that may disclose user information...

5.5 CVSS | 6.4 AI score | 0.0008 EPSS
Exploits 0 | References 10

The Hacker News
added 2020/02/20 12:36 p.m. | 1 views

Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes

Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility o...

5.8 AI score
Exploits 0

n0where
added 2018/12/20 3:50 p.m. | 61 views

Phishing Campaign Toolkit: King Phisher

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

7.8 AI score
Exploits 0 | References 5

OSV
added 2017/11/27 10:29 a.m. | 1 views

CVE-2017-16962

The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that h...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 2

Kitploit
added 2016/10/20 2:30 p.m. | 26 views

King Phisher 1.5.2 - Phishing Campaign Toolkit

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

7.5 AI score
Exploits 0 | References 8

CNVD
added 2015/09/09 12:0 a.m. | 2 views

Polycom RealPresence CloudAXIS Suite Cross-Site Scripting Vulnerability

Polycom RealPresence CloudAXIS Suite is a cloud-based, cross-platform video collaboration solution from Polycom. The solution allows meeting schedules to be sent to contacts via email and calendar invitations. A cross-site scripting vulnerability exists in Polycom RealPresence CloudAXIS Suite 1.6...

3.5 CVSS | 6.2 AI score | 0.00159 EPSS
Exploits 1 | References 1