CNNVD-202511-2600 Information

CNNVD ID

CNNVD-202511-2600

CVE-2025-63498

  • CNNVD Published: 2025-11-24

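Description (Chinese, translated)

SOGo is a very fast and scalable modern collaboration suite, open-sourced by Alinto. It provides calendaring, address book management, and a full-featured Webmail client, along with resource sharing and permission handling. SOGo version 5.12.3 contains a security vulnerability that stems from cross-site scripting in the userName parameter.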

Description (English)

SOGo is a very fast and scalable modern collaboration suite from Alinto. It provides a calendar, address book management and a fully functional Webmail client, as well as resource sharing and permission handling. SOGo version 5.12.3 contains a security vulnerability that stems from cross-site scripting (XSS) in the userName parameter.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Alinto

Published

2025-11-24

Last Modified

2026-02-24

References

  • https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c
  • https://github.com/xryptoh/CVE-2025-63498
  • https://vigilance.fr/vulnerability/SOGo-Cross-Site-Scripting-via-userName-48886

Patch

https://www.sogo.nu/download.html
