TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2014-9905

MEDIUM
6.1

Beschreibung

Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.

CVE Details

CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht2/17/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

alinto:sogo

Schwachen (CWE)

CWE-79

Referenzen

http://www.openwall.com/lists/oss-security/2016/07/09/3(cve@mitre.org)
https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9(cve@mitre.org)
https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501(cve@mitre.org)
https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765(cve@mitre.org)
https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625(cve@mitre.org)
https://sogo.nu/bugs/view.php?id=2598(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2016/07/09/3(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625(af854a3a-2127-422b-91ae-364da2661108)
https://sogo.nu/bugs/view.php?id=2598(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.