Woodyslum

**Name of the Vulnerable Software and Affected Versions** Alinto SOGo versions prior to 5.10.0 **Description** A Cross Site Scripting issue exists in Alinto SOGo, allowing a remote attacker to execute arbitrary code via the import function to the mail component. This can be exploited by a remote attacker. **Recommendations** For versions prior to 5.10.0, update to version 5.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the import function in the mail component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Alinto SOGo versions up to 5.7.1 **Description** A vulnerability was found in the Identity Handler component, specifically in the function ` migrateMailIdentities` of the file `SoObjects/SOGo/SOGoUserDefaults.m`. The manipulation of the argument `fullName` leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For Alinto SOGo versions up to 5.7.1, upgrade to version 5.8.0 to address this issue.