CNNVD-202512-476 Information
CNNVD ID
CNNVD-202512-476
Related CVE
- CNNVD Published: 2025-12-04
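Description (translated from Chinese)
SOGo is a very fast and scalable modern collaboration suite, open-sourced by Alinto. It provides calendar and address book management and a full-featured Webmail client, along with resource sharing and permission handling. SOGo version 5.12.3 contains a security vulnerability that stems from the theme parameter being susceptible to cross-site scripting attacks.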
Description (English)
SOGo is a very fast and scalable modern collaboration suite open-sourced by Alinto. It provides calendar and address book management and a fully functional Webmail client, as well as resource sharing and permission handling. SOGo version 5.12.3 has a security vulnerability: the theme parameter is vulnerable to cross-site scripting (XSS) attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Alinto
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/poblaguev-tot/CVE-2025-63499
https://email.victim.com/SOGo/so/victim@victim.com/Mail/view?theme=%27%3CScRiPt%20%3Ealert%289998%29%3C%2FScRiPt%3E
https://access.redhat.com/security/cve/cve-2025-63499
Patch
https://github.com/Alinto/sogo/releases