CVE-2020-22402

Name of the Vulnerable Software and Affected Versions SOGo Web Mail versions prior to 4.3.1

Description The issue allows attackers to obtain user sensitive information when a user reads an email containing malicious code. This is due to a Cross Site Scripting (XSS) vulnerability.

Recommendations For SOGo Web Mail versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to emails from untrusted sources to minimize the risk of exploitation.