CVE-2024-24510

🔶 medium

Summary

Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.

CVSS Score

6.1

Medium

EPSS Score

2.2

Exploit Probability

Published Date

2024-09-09

First Seen: 2026-01-05

Last Modified 2025-06-17

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

🔗 References 2

https://book.hacktricks.xyz/pentesting-web/xs-search...

Broken Link

https://github.com/Alinto/sogo/commit/21468700718ed7...

Patch

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
alinto	sogo	Affected	< 5.10.0

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-63499	🔶 medium	6.1	0.0	Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.	2025-12-04
CVE-2025-63498	🔶 medium	6.1	0.1	alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.	2025-11-24
CVE-2024-34462	🔶 medium	6.1	0.1	Alinto SOGo through 5.10.0 allows XSS during attachment preview.	2024-05-04
CVE-2023-48104	🔶 medium	6.1	14.4	Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.	2024-01-16
CVE-2022-4556	ℹ️ low	3.5	0.2	A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the functi...	2022-12-16
CVE-2022-4558	ℹ️ low	3.5	0.3	A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown par...	2022-12-16

These CVEs affect the same products