2 matches found
CVE-2014-9905
Multiple cross-site scripting XSS vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title of an appointment or 2 contact fields...
CVE-2014-9905
CVE-2014-9905 affects SOGo's Web Calendar. The vulnerability is multiple XSS flaws in the Web Calendar component, exploitable to inject arbitrary script via the appointment title or contact fields in SOGo versions prior to 2.2.0. Supported disclosures across SUSE/OpenVAS/DEBIANOS OSV/PT-Security ...