Vulnerabilities > Alinto
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-48104 | Cross-site Scripting vulnerability in Alinto Sogo Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. | 6.1 |
2023-06-14 | CVE-2020-22402 | Cross-site Scripting vulnerability in Alinto Sogo web Mail Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code. | 6.1 |
2022-12-16 | CVE-2022-4556 | Unspecified vulnerability in Alinto Sogo A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. | 6.1 |
2022-12-16 | CVE-2022-4558 | Unspecified vulnerability in Alinto Sogo A vulnerability was found in Alinto SOGo up to 5.7.1. | 6.1 |
2017-09-20 | CVE-2015-5395 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 8.8 |
2017-02-17 | CVE-2016-6191 | Cross-site Scripting vulnerability in Alinto Sogo Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. | 6.1 |
2017-02-17 | CVE-2016-6189 | Incomplete Blacklist vulnerability in Alinto Sogo Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | 4.3 |
2017-02-17 | CVE-2014-9905 | Cross-site Scripting vulnerability in Alinto Sogo Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. | 6.1 |
2017-02-03 | CVE-2016-6188 | Resource Management Errors vulnerability in Alinto Sogo 2.3.7 Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. | 6.5 |