CVE-2025-63498

🔶 medium

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.

CVSS Score

6.1

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2025-11-24

First Seen: 2026-01-05

Last Modified 2025-12-30

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

🔗 References 4

Patch

Release Notes

Exploit Third Party Advisory

Mailing List

Vendor	Product	Status	Affected Versions
debian	debian_linux	Affected	v11.0
alinto	sogo	Affected	v5.12.3

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-68670	⛔ critical	9.1	0.3	xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi...	2026-01-27
CVE-2026-24061	⛔ critical	9.8	29.6	telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ...	2026-01-21
CVE-2025-6966	🔶 medium	5.5	0.0	NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause ...	2025-12-05
CVE-2025-63499	🔶 medium	6.1	0.0	Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.	2025-12-04
CVE-2025-64512	⚠️ high	8.6	0.1	Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documen...	2025-11-10
CVE-2025-10921	⚠️ high	7.8	0.1	GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a...	2025-10-29

These CVEs affect the same products