CVE-2025-63498
Published 2025-11-24
CVE-2025-63498: alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
Medium, 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alinto | sogo | — | — |
| alinto | sogo | >= 0 < 5.0.1-4+deb11u2 | 5.0.1-4+deb11u2 |
| alinto | sogo | >= 0 < 5.8.0-2+deb12u1 | 5.8.0-2+deb12u1 |
| alinto | sogo | >= 0 < 5.12.1-3+deb13u1 | 5.12.1-3+deb13u1 |
| alinto | sogo | >= 0 < 5.12.4-1 | 5.12.4-1 |
| debian | debian_linux | — | — |
| debian | sogo | < sogo 5.8.0-2+deb12u1 (bookworm) | sogo 5.8.0-2+deb12u1 (bookworm) |
CVSS provenance
nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv: 6.1 MEDIUM