PT-2026-26960 · Sogo · Sogo
Published
2026-03-22
·
Updated
2026-03-24
·
CVE-2025-71276
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SOGo versions prior to 5.12.5
Description
SOGo groupware is susceptible to a cross-site scripting (XSS) issue affecting events, tasks, and contacts categories. The issue allows for potential malicious code execution within the browser of a user interacting with the affected features.
Recommendations
Update SOGo to version 5.12.5 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sogo