HTML Injection Vulnerability in Alinto SOGo
CVE-2023-48104

6.1MEDIUM

Key Information:

Vendor: Alinto
Status: Sogo
Vendor: CVE Published:; 16 January 2024

Badges

👾 Exploit Exists🟣 EPSS 10%

What is CVE-2023-48104?

Alinto SOGo versions prior to 5.9.1 are susceptible to an HTML injection vulnerability, which allows attackers to inject malicious HTML code into web applications. This can manipulate the content of the web page and potentially lead to unauthorized actions or data exposure. It is crucial for users to upgrade to the latest version to mitigate this risk and safeguard their data and applications. This issue has been documented in GitHub commits and highlights the importance of regular software updates and security practices.

References

https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d...

https://github.com/E1tex/CVE-2023-48104

https://habr.com/ru/articles/804863/

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
🟡
Public PoC available
Jan 10, 2024
👾
Exploit known to exist
Jan 10, 2024
Vulnerability Reserved
Nov 13, 2023