Alinto: Security Vulnerabilities
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-02-17
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-02-17
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
CVSS Score
6.5
EPSS Score
0.015
Published
2017-02-03
Page 2