CVE-2025-63498

Опубликовано: 24 нояб. 2025

Источник: debian

Описание

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.

Пакет	Статус	Версия исправления	Релиз	Тип
sogo	fixed	5.12.4-1		package
sogo	fixed	5.12.1-3+deb13u1	trixie	package
sogo	fixed	5.8.0-2+deb12u1	bookworm	package

https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c (SOGo-5.12.4)
https://github.com/xryptoh/CVE-2025-63498

CVE-2025-63498

CVSS3: 6.1

ubuntu

2 месяца назад

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.

CVE-2025-63498

CVSS3: 6.1

nvd

2 месяца назад

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.

GHSA-5mj7-xm92-5p4m

CVSS3: 6.1

github

2 месяца назад

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.