Daniil Khomichenok

**Name of the Vulnerable Software and Affected Versions** alinto SOGo version 5.12.3 **Description** alinto SOGo version 5.12.3 is susceptible to Cross Site Scripting (XSS) attacks. The issue is related to the `userName` parameter. Exploitation of this issue could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Apply any available updates or patches for alinto SOGo version 5.12.3 to address the XSS vulnerability in the `userName` parameter.

**Name of the Vulnerable Software and Affected Versions** Alinto Sogo version 5.12.3 **Description** Alinto Sogo 5.12.3 is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the handling of the `theme` parameter. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize or encode the `theme` parameter to prevent the execution of malicious scripts.