CVE-2022-4558Improper Neutralization in Sogo

CWE-707Improper NeutralizationCWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
CNA3.5
EPSS
0.3%
top 49.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Alinto Sogo
Timeline
PublishedDec 16
Latest updateDec 22

Description

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDalinto/sogo< 5.8.0
Debianalinto/sogo< 5.8.0-1+2
CVEListV5alinto/sogo5.7.0, 5.7.1+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-r8x7-gmq5-6256: A vulnerability was found in Alinto SOGo up to 52022-12-22
OSV
CVE-2022-4558: A vulnerability was found in Alinto SOGo up to 52022-12-16
CVEList
Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting2022-12-16

📋Vendor Advisories

1
Debian
CVE-2022-4558: sogo - A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as ...2022