Lucene search

Veracode Vulnerability DatabaseVERACODE:46796

HistoryMay 08, 2024 - 6:00 a.m.

Cross-Site Scripting

2024-05-0806:00:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libsogo

cross-site scripting

vulnerability

attachment preview

javascript code

browser session

software

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

libSOGo.so is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization during attachment preview. This allows an attacker to execute arbitrary JavaScript code within the context of the user’s browser session.

CPENameOperatorVersion
libsogo.sole5.2.0
libsogo.sole5.2.0

CPE	Name	Operator	Version
	libsogo.so	le	5.2.0
	libsogo.so	le	5.2.0

References

github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920