Sogo Security Vulnerabilities and Issues — Sogo CVE List

Lucene search

AlintoSogo

4 matches found

CVE•added 2017/02/17 5:59 p.m.•43 views

CVE-2014-9905

Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.

6.1CVSS6AI score0.006EPSS

CVE•added 2017/02/17 5:59 p.m.•41 views

CVE-2016-6191

Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.

6.1CVSS6AI score0.00332EPSS

CVE•added 2017/02/03 4:59 p.m.•38 views

CVE-2016-6188

Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.

6.8CVSS6.3AI score0.01516EPSS

CVE•added 2017/02/17 5:59 p.m.•38 views

CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

4.3CVSS4.1AI score0.00173EPSS