Shodan
Vulnerabilities
Vulnerable Software
Alinto:  Security Vulnerabilities
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
CVSS Score
2.0
EPSS Score
0.0
Published
2026-03-22
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-03-22
CVE-2026-3054
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.1
EPSS Score
0.0
Published
2026-02-24
CVE-2025-63499
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-04
CVE-2025-63498
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-24
CVE-2024-24510
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.
CVSS Score
6.1
EPSS Score
0.01
Published
2024-09-09
CVE-2024-34462
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-05-04
CVE-2023-48104
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
CVSS Score
6.1
EPSS Score
0.154
Published
2024-01-16
CVE-2020-22402
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-14
CVE-2022-4556
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-12-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved