PT-2025-47963 · Alinto+1 · Sogo+1
Alexander Klimenko
+1
·
Published
2025-11-24
·
Updated
2025-12-30
·
CVE-2025-63498
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
alinto SOGo version 5.12.3
Description
alinto SOGo version 5.12.3 is susceptible to Cross Site Scripting (XSS) attacks. The issue is related to the
userName parameter. Exploitation of this issue could allow an attacker to inject malicious scripts into web pages viewed by other users.Recommendations
Apply any available updates or patches for alinto SOGo version 5.12.3 to address the XSS vulnerability in the
userName parameter.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Sogo