CVE-2025-63499

🔶 medium

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

CVSS Score

6.1

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2025-12-04

First Seen: 2026-01-05

Last Modified 2025-12-18

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

🔗 References 3

Broken Link

Exploit Third Party Advisory

Exploit Third Party Advisory

Vendor	Product	Status	Affected Versions
alinto	sogo	Affected	≤ 5.12.4

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-63498	🔶 medium	6.1	0.1	alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.	2025-11-24
CVE-2024-24510	🔶 medium	6.1	2.2	Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via t...	2024-09-09
CVE-2024-34462	🔶 medium	6.1	0.1	Alinto SOGo through 5.10.0 allows XSS during attachment preview.	2024-05-04
CVE-2023-48104	🔶 medium	6.1	14.4	Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.	2024-01-16
CVE-2022-4556	ℹ️ low	3.5	0.2	A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the functi...	2022-12-16
CVE-2022-4558	ℹ️ low	3.5	0.3	A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown par...	2022-12-16

These CVEs affect the same products