PT-2022-27574 · Alinto+2 · Alinto Sogo+2
Woodyslum · Published 2022-12-01 · Updated 2022-12-22 · CVE-2022-4556
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Alinto SOGo versions up to 5.7.1
Description
A vulnerability was found in the Identity Handler component, specifically in the function migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m. The manipulation of the argument fullName leads to cross-site scripting. The attack may be launched remotely.
Recommendations
For Alinto SOGo versions up to 5.7.1, upgrade to version 5.8.0 to address this issue.
Fix
Improper Neutralization
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Alinto Sogo
Debian