CVE-2025-71276Cross-site Scripting in Sogo

CWE-79Cross-site Scripting6 documents6 sources
Severity
6.1MEDIUMNVD
CNA6.4
EPSS
0.0%
top 91.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Alinto Sogo
Timeline
PublishedMar 22

Description

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5alinto/sogo< 5.12.5
NVDalinto/sogo< 5.12.5
Debianalinto/sogo< 5.12.6-1

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
CVE-2025-71276: SOGo before 52026-03-22
CVEList
CVE-2025-71276: SOGo before 52026-03-22
GHSA
GHSA-c38q-j2vf-4r9p: SOGo before 52026-03-22

📋Vendor Advisories

1
Debian
CVE-2025-71276: sogo - SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and conta...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71276 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-71276 — Cross-site Scripting in Alinto Sogo | cvebase