CVE-2014-9905

Published: Feb 17, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765

x_refsource_CONFIRM

[oss-security] 20160709 Re: CVE request: several SOGo issues (DOS, XSS, information leakage)

mailing-list

x_refsource_MLIST

https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501

x_refsource_CONFIRM

https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625

x_refsource_CONFIRM

https://sogo.nu/bugs/view.php?id=2598

x_refsource_CONFIRM

https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9905

Description

Affected Products

References