Cross-Site Scripting Vulnerabilities in SOGo Web Calendar

CVE-2014-9905

What is CVE-2014-9905?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Web Calendar component of SOGo prior to version 2.2.0. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into the application through manipulated appointment titles or contact fields, potentially compromising user data and application security.

References