SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
CVSS Score
2.0
EPSS Score
0.0
Published
2026-03-22
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-03-22
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-24
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-04