Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/09/3 | Mailing List Patch VDB Entry |
https://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa | Patch |
https://sogo.nu/bugs/view.php?id=3718 | Vendor Advisory |
Configurations
History
20 Dec 2022, 16:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:* |
Information
Published : 2017-02-17 17:59
Updated : 2024-02-04 19:11
NVD link : CVE-2016-6191
Mitre link : CVE-2016-6191
CVE.ORG link : CVE-2016-6191
JSON object : View
Products Affected
alinto
- sogo
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')