Unknown · Alinto Sogo · CVE-2025-63499
**Name of the Vulnerable Software and Affected Versions**
Alinto Sogo version 5.12.3
**Description**
Alinto Sogo 5.12.3 is susceptible to cross-site scripting (XSS). The issue is located in the handling of the `theme` parameter. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize or encode the `theme` parameter to prevent the execution of malicious scripts.
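
The temporary workaround can be sketched as an allowlist check applied in front of the application, or used to review access logs. This is an added example, not code from Alinto or the SOGo project. It assumes `theme` arrives as a URL query parameter and that valid theme names are short identifiers, neither of which this advisory states. The function names and sample URLs are constructed.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate theme name is a short identifier. Replace this
# pattern with the exact theme names your deployment uses if you know them.
SAFE_THEME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def theme_values(url):
    """Return every value of the `theme` query parameter, percent-decoded once."""
    query = urlsplit(url).query
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "theme"]


def is_safe_theme(value):
    """True only if the whole value matches the identifier allowlist."""
    return SAFE_THEME.fullmatch(value) is not None


def review_request(url):
    """Classify one request URL as 'no-theme', 'ok' or 'reject'."""
    values = theme_values(url)
    if not values:
        return "no-theme"
    # Repeated parameters are rejected outright: the filter and the
    # application may disagree on which copy is used.
    if len(values) > 1:
        return "reject"
    # Double-encoded input still contains '%' after one decode, so the
    # allowlist rejects it without a second decoding pass.
    return "ok" if is_safe_theme(values[0]) else "reject"


def encode_for_html(value):
    """Output-encode a value before placing it in HTML text or an attribute."""
    return escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    samples = [
        "https://mail.example.test/app/?theme=dark",
        "https://mail.example.test/app/?theme=%3Cb%3Ex",
        "https://mail.example.test/app/?theme=%253Cb%253E",
        "https://mail.example.test/app/?theme=dark&theme=light",
    ]
    for url in samples:
        print(review_request(url), url)
```

Rejecting on the allowlist is the stronger control. `encode_for_html` only helps where the value is written into HTML text or a quoted attribute, and it does not replace updating to a fixed version.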