CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9905

Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2014-9905

Alinto » Sogo » Version: N/A

cpe:2.3:a:alinto:sogo:-
Alinto » Sogo » Version: 2.0.0

cpe:2.3:a:alinto:sogo:2.0.0
Alinto » Sogo » Version: 2.0.1

cpe:2.3:a:alinto:sogo:2.0.1
Alinto » Sogo » Version: 2.0.2

cpe:2.3:a:alinto:sogo:2.0.2
Alinto » Sogo » Version: 2.0.3

cpe:2.3:a:alinto:sogo:2.0.3
Alinto » Sogo » Version: 2.0.4

cpe:2.3:a:alinto:sogo:2.0.4
Alinto » Sogo » Version: 2.0.5

cpe:2.3:a:alinto:sogo:2.0.5
Alinto » Sogo » Version: 2.0.6

cpe:2.3:a:alinto:sogo:2.0.6
Alinto » Sogo » Version: 2.0.7

cpe:2.3:a:alinto:sogo:2.0.7
Alinto » Sogo » Version: 2.1.0

cpe:2.3:a:alinto:sogo:2.1.0
Alinto » Sogo » Version: 2.1.1

cpe:2.3:a:alinto:sogo:2.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-9905

Products

Pricing

Contact Us