Lucene search
K

4 matches found

OSV
OSV
added 2026/05/13 7:17 p.m.4 views

DEBIAN-CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 6:2 p.m.32 views

CVE-2026-8496

Alinto SOGo 5.12.7 is affected by a cross-site scripting (XSS) vulnerability triggered by SVG content in ICS calendar invites. The issue stems from unsanitized SVG in the ICS file description with an onrepeat handler, allowing arbitrary JavaScript execution within an authenticated webmail session...

6.1CVSS6AI score0.00283EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 6:2 p.m.44 views

CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40764

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References3
Rows per page
Query Builder