Lucene search
K

386 matches found

CVE
CVE
added 2025/12/04 12:0 a.m.27 views

CVE-2025-63499

SOGo 5.12.3 is affected by a Cross Site Scripting (XSS) vulnerability triggered via the theme parameter. The issue is confirmed in multiple sources (e.g., Debian LTS DLA-4434-1) with remediation by upgrading to 5.0.1-4+deb11u3 on Debian 11 (Bullseye). Public CVE is CVE-2025-63499; CVSSv3 base sco...

6.1CVSS5.8AI score0.00269EPSS
Exploits2References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

Debian dla-4386 : sogo - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4386 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4386-1 [email protected] https://www.debian.org/lts/security/...

6.1CVSS6AI score0.00241EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/02 6:3 a.m.8 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS6.3AI score0.00241EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/12/01 12:0 a.m.3 views

Debian: Security Advisory (DLA-4386-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.8AI score0.00241EPSS
Exploits1References2
Debian
Debian
added 2025/11/28 3:35 p.m.27 views

[SECURITY] [DLA 4386-1] sogo security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4386-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini November 28, 2025 https://wiki.debian.org/LTS -...

6.1CVSS6.4AI score0.00241EPSS
Exploits1
OSV
OSV
added 2025/11/28 12:0 a.m.3 views

DLA-4386-1 sogo - security update

Bulletin has no description...

6.1CVSS6.9AI score0.00241EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-63498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the userName parameter. CVE-2025-63498 Note that Nessus relies on the presence of the package a...

6.1CVSS6AI score0.00241EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/24 9:31 p.m.4 views

EUVD-2025-198998

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS5.7AI score0.00241EPSS
Exploits1References3
OSV
OSV
added 2025/11/24 9:16 p.m.1 views

DEBIAN-CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS5.1AI score0.00241EPSS
Exploits1References1
NVD
NVD
added 2025/11/24 9:16 p.m.8 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS0.00241EPSS
Exploits1References4
OSV
OSV
added 2025/11/24 9:16 p.m.3 views

UBUNTU-CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS5.8AI score0.00241EPSS
Exploits1References7
OSV
OSV
added 2025/11/24 12:0 a.m.4 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS6.2AI score0.00241EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.1 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

5.8AI score0.00241EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.6 views

SOGo 安全漏洞

SOGo is a very fast and extensible modern collaboration suite from Alinto Open Source. It provides calendaring, address book management and a full-featured webmail client as well as resource sharing and permission handling. A security vulnerability exists in SOGo version 5.12.3, which stems from...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.3 views

PT-2025-47963

Name of the Vulnerable Software and Affected Versions alinto SOGo version 5.12.3 Description alinto SOGo version 5.12.3 is susceptible to Cross Site Scripting XSS attacks. The issue is related to the userName parameter. Exploitation of this issue could allow an attacker to inject malicious script...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References28
CVE
CVE
added 2025/11/24 12:0 a.m.29 views

CVE-2025-63498

Summary: CVE-2025-63498 affects alinto SOGo 5.12.3, where an XSS flaw is exposed via the userName parameter on the authentication page. The vulnerability allows arbitrary JavaScript execution in affected sessions. Debian’s LTS advisory (DLA-4386-1) indicates the fixed version for Debian 11 is 5.0...

6.1CVSS5.8AI score0.00241EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.7 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

0.00241EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2025/11/24 12:0 a.m.5 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...

6.1CVSS5AI score0.00241EPSS
Exploits1
OSV
OSV
added 2025/10/31 11:36 p.m.4 views

MGASA-2025-0255 Updated sope packages fix security vulnerability

It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash CVE-2025-53603...

7.5CVSS7AI score0.00592EPSS
Exploits0References3
Mageia
Mageia
added 2025/10/31 11:36 p.m.7 views

Updated sope packages fix security vulnerability

It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash CVE-2025-53603...

7.5CVSS7AI score0.00592EPSS
Exploits0References2
Rows per page
Query Builder