Alinto · Sogo · CVE-2025-63498
**Name of the Vulnerable Software and Affected Versions**
alinto SOGo version 5.12.3
**Description**
alinto SOGo version 5.12.3 is susceptible to Cross Site Scripting (XSS) attacks. The issue is related to the `userName` parameter. Exploitation of this issue could allow an attacker to inject malicious scripts into web pages viewed by other users.
**Recommendations**
Apply any available updates or patches for alinto SOGo version 5.12.3 to address the XSS vulnerability in the `userName` parameter.