
Alinto SOGo

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33550
< 5.12.5
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the
2.0 LOW
CVE-2025-71276
< 5.12.5
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories.
6.4 MEDIUM
CVE-2026-3054
all versions
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hi
4.3 MEDIUM
CVE-2025-63499
<= 5.12.4
Alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
6.1 MEDIUM
CVE-2025-63498
all versions
Alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
6.1 MEDIUM
CVE-2024-24510
< 5.10.0
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import
6.1 MEDIUM
CVE-2024-34462
< 5.11.0
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
6.1 MEDIUM
CVE-2023-48104
< 5.9.1
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
6.1 MEDIUM
CVE-2022-4558
< 5.8.0
A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the f
3.5 LOW
CVE-2022-4556
< 5.8.0
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrat
3.5 LOW
CVE-2021-33054
>= 2.0.6 and < 2.4.1
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any ac
7.5 HIGH
CVE-2015-5395
< 3.1.0
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
8.8 HIGH
CVE-2016-6191
<= 3.1.2
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow rem
6.1 MEDIUM
CVE-2016-6190
<= 2.3.11
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authentica
4.3 MEDIUM
CVE-2016-6189
< 2.3.12
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information
4.3 MEDIUM
CVE-2014-9905
<= 2.1.1
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbi
6.1 MEDIUM
CVE-2016-6188
all versions
Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts
6.5 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin