CVE-2025-63499 — Cross-site Scripting in Sogo

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 94.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 4

Description

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶Debianalinto/sogo< 5.0.1-4+deb11u3+3

▶NVDalinto/sogo5.12.4

CVEList

CVE-2025-63499: Alinto Sogo 5↗2025-12-04

▶

OSV

CVE-2025-63499: Alinto Sogo 5↗2025-12-04

▶

GHSA

GHSA-mrxw-g8fq-xg2c: Alinto Sogo 5↗2025-12-04

▶

Debian

CVE-2025-63499: sogo - Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme par...↗2025

▶