Qhivert

**Name of the Vulnerable Software and Affected Versions** SOGo versions prior to 5.12.5 **Description** SOGo does not properly renew One-Time Passwords (OTPs) when a user disables and re-enables them. Additionally, the generated OTPs have a length of only 12 digits, which is shorter than the recommended 20 digits. **Recommendations** Update to version 5.12.5 or later.

**Name of the Vulnerable Software and Affected Versions** Alinto SOGo versions through 5.10.0 **Description** The issue allows for XSS during attachment preview. **Recommendations** For versions through 5.10.0, update to a version later than 5.10.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.