alinto 漏洞與 CVE 列表(18)

產品(CPE): — CVE 數: 18

alinto 漏洞概覽

彙總 alinto 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 跨站腳本、SQL 注入與輸入驗證問題 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與異常行為 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11818 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-46446 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin. [email protected] 7.1 0.24% 2026-05-14 2026-06-17
CVE-2026-46445 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. [email protected] 7.1 0.24% 2026-05-14 2026-06-17
CVE-2026-33550 SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended). [email protected] 2.0 0.14% 2026-03-21 2026-06-17
CVE-2025-71276 SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories. [email protected] 6.4 0.14% 2026-03-21 2026-06-17
CVE-2026-3054 A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 2.1 0.40% 2026-02-23 2026-06-17
CVE-2025-63499 Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter. [email protected] 6.1 0.26% 2025-12-04 2026-06-17
CVE-2025-63498 alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter. [email protected] 6.1 0.24% 2025-11-24 2026-06-17
CVE-2024-24510 Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. [email protected] 6.1 0.45% 2024-09-09 2026-06-17
CVE-2024-34462 Alinto SOGo through 5.10.0 allows XSS during attachment preview. [email protected] 6.1 0.34% 2024-05-04 2026-06-17
CVE-2023-48104 Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. [email protected] 6.1 1.02% 2024-01-15 2026-06-17
CVE-2020-22402 Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code. [email protected] 6.1 0.38% 2023-06-14 2026-06-16
CVE-2022-4558 A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB [email protected] 3.5 0.56% 2022-12-16 2026-06-17
CVE-2022-4556 A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affec [email protected] 3.5 0.56% 2022-12-16 2026-06-17
CVE-2015-5395 Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. [email protected] 8.8 0.90% 2017-09-20 2026-06-16
CVE-2016-6191 Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. [email protected] 6.1 1.19% 2017-02-17 2026-06-16
CVE-2016-6189 Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. [email protected] 4.3 1.40% 2017-02-17 2026-06-16
CVE-2014-9905 Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. [email protected] 6.1 1.22% 2017-02-17 2026-06-16
CVE-2016-6188 Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. [email protected] 6.5 2.14% 2017-02-03 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence