3 matches found
UBUNTU-CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories...
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
CVE-2026-33550
SOGo prior to version 5.12.5 fails to renew OTP when users disable/enable it and uses a 12-digit OTP instead of the 20-digit recommendation. Affected software: SOGo (before 5.12.5). Root cause: OTP renewal logic/length not aligned with recommended size. Impact: potential authentication weakness d...