378 matches found
PT-2026-40847
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c password = '%@' in changePasswordForLogin...
SOGo SQL注入漏洞
SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2026-8496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript...
PT-2026-40846
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2026-46445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. CVE-2026-46445 Note that Nessus relies on the presence of the package as reported by the...
CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
DEBIAN-CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
UBUNTU-CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-8496
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-8496
Alinto SOGo 5.12.7 is affected by a cross-site scripting (XSS) vulnerability triggered by SVG content in ICS calendar invites. The issue stems from unsanitized SVG in the ICS file description with an onrepeat handler, allowing arbitrary JavaScript execution within an authenticated webmail session...
Alinto SOGo 安全漏洞
Alinto SOGo is an open-source collaboration office software developed by Alinto. Version 5.12.7 of Alinto SOGo contains a security vulnerability. This vulnerability stems from insufficient SVG content cleaning in the ICS calendar invitation files. It may allow remote attackers to execute JavaScri...
PT-2026-40764
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories...
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
DEBIAN-CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...