CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
alintosogo
𝑥
< 5.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sogo
bullseye (security)
vulnerable
bullseye
no-dsa
buster
no-dsa
bookworm
5.8.0-1
fixed
sid
5.11.2-1
fixed
trixie
5.11.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sogo
noble
dne
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0
https://vuldb.com/?id.215961
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0
https://vuldb.com/?id.215961