386 matches found
CVE-2025-63499
SOGo 5.12.3 is affected by a Cross Site Scripting (XSS) vulnerability triggered via the theme parameter. The issue is confirmed in multiple sources (e.g., Debian LTS DLA-4434-1) with remediation by upgrading to 5.0.1-4+deb11u3 on Debian 11 (Bullseye). Public CVE is CVE-2025-63499; CVSSv3 base sco...
Debian dla-4386 : sogo - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4386 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4386-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
Debian: Security Advisory (DLA-4386-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4386-1] sogo security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4386-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini November 28, 2025 https://wiki.debian.org/LTS -...
DLA-4386-1 sogo - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2025-63498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the userName parameter. CVE-2025-63498 Note that Nessus relies on the presence of the package a...
EUVD-2025-198998
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
DEBIAN-CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
UBUNTU-CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
SOGo 安全漏洞
SOGo is a very fast and extensible modern collaboration suite from Alinto Open Source. It provides calendaring, address book management and a full-featured webmail client as well as resource sharing and permission handling. A security vulnerability exists in SOGo version 5.12.3, which stems from...
PT-2025-47963
Name of the Vulnerable Software and Affected Versions alinto SOGo version 5.12.3 Description alinto SOGo version 5.12.3 is susceptible to Cross Site Scripting XSS attacks. The issue is related to the userName parameter. Exploitation of this issue could allow an attacker to inject malicious script...
CVE-2025-63498
Summary: CVE-2025-63498 affects alinto SOGo 5.12.3, where an XSS flaw is exposed via the userName parameter on the authentication page. The vulnerability allows arbitrary JavaScript execution in affected sessions. Debian’s LTS advisory (DLA-4386-1) indicates the fixed version for Debian 11 is 5.0...
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting XSS via the "userName" parameter...
MGASA-2025-0255 Updated sope packages fix security vulnerability
It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash CVE-2025-53603...
Updated sope packages fix security vulnerability
It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash CVE-2025-53603...