CVE-2023-48104Cross-site Scripting in Sogo

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
15.4%
top 5.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Alinto Sogo
Timeline
PublishedJan 16

Description

Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDalinto/sogo< 5.9.1
Debianalinto/sogo< 5.8.0-2+deb12u1+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
CVE-2023-48104: Alinto SOGo before 52024-01-16
GHSA
GHSA-x4j2-fh47-r6r6: Alinto SOGo 52024-01-16
CVEList
CVE-2023-48104: Alinto SOGo before 52024-01-16

📋Vendor Advisories

1
Debian
CVE-2023-48104: sogo - Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.2023
CVE-2023-48104 — Cross-site Scripting in Alinto Sogo | cvebase