CVE-2025-63498

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 74.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Alinto SogoDebian Debian Linux
Timeline
PublishedNov 24

Description

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDalinto/sogo5.12.3
Debiansogo< 5.0.1-4+deb11u2+3

Also affects: Debian Linux 11.0

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
CVE-2025-63498: alinto SOGo 52025-11-24
CVEList
CVE-2025-63498: alinto SOGo 52025-11-24
GHSA
GHSA-5mj7-xm92-5p4m: alinto SOGo 52025-11-24

📋Vendor Advisories

1
Debian
CVE-2025-63498: sogo - alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName...2025