3.0.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2023-48104	Cross-site Scripting vulnerability in Alinto Sogo Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. network low complexity alinto CWE-79	6.1
2022-12-16	CVE-2022-4556	Unspecified vulnerability in Alinto Sogo A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. network low complexity alinto	6.1
2022-12-16	CVE-2022-4558	Unspecified vulnerability in Alinto Sogo A vulnerability was found in Alinto SOGo up to 5.7.1. network low complexity alinto	6.1
2017-09-20	CVE-2015-5395	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. network low complexity debian alinto CWE-352	8.8
2017-02-17	CVE-2016-6191	Cross-site Scripting vulnerability in Alinto Sogo Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. network low complexity alinto CWE-79	6.1
2017-02-17	CVE-2016-6189	Incomplete Blacklist vulnerability in Alinto Sogo Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. network low complexity alinto CWE-184	4.3