Hivert Quentin

4 exploits Active since May 2024
CVE-2025-63498 WRITEUP MEDIUM WRITEUP
alinto SOGo <5.12.3 - XSS
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
CVSS 6.1
CVE-2025-71276 WRITEUP MEDIUM WRITEUP
Alinto Sogo < 5.12.5 - XSS
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
CVSS 6.4
CVE-2026-33550 WRITEUP LOW WRITEUP
SOGo <5.12.5 - OTP Weakness
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
CVSS 2.0
CVE-2024-34462 WRITEUP MEDIUM WRITEUP
Alinto SOGo <5.10.0 - XSS
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
CVSS 6.1