PT-2022-27576 · Alinto+2 · Alinto Sogo+2
Published
2022-12-01
·
Updated
2022-12-22
·
CVE-2022-4558
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Alinto SOGo versions up to 5.7.1
Description
A problematic issue has been found, affecting an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.
Recommendations
For versions up to 5.7.1, upgrade to version 5.8.0 to address this issue. As a temporary workaround, consider restricting access to the affected component until the upgrade is applied.
Fix
Improper Neutralization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Alinto Sogo
Debian