Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-04
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.
CVSS Score
6.1
EPSS Score
0.011
Published
2024-09-09
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-05-04
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
CVSS Score
6.1
EPSS Score
0.103
Published
2024-01-16