Cross-Site Scripting Vulnerability in SOGo by Alinto
CVE-2025-71276

6.4MEDIUM

Key Information:

Vendor: Alinto
Status: Sogo
Vendor: CVE Published:; 22 March 2026

What is CVE-2025-71276?

SOGo versions before 5.12.5 contain a Cross-Site Scripting (XSS) vulnerability that affects the handling of events, tasks, and contacts. This flaw allows attackers to inject arbitrary scripts into web applications viewed by other users, potentially leading to unauthorized actions and data compromise. Users are urged to update to the latest version of SOGo to mitigate this risk and enhance their overall security posture.

Affected Version(s)

SOGo 0 < 5.12.5

References

https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2026
Vulnerability Reserved
Mar 22, 2026

CVE-2025-71276 Data

JSON