Vulnerabilities (CVE)

Vendor filter

Inverse-inc Subscribe

Product filter

Sogo Subscribe

Filter

4 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-6190 1 Inverse-inc 1 Sogo 2017-02-22 4.0
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as...
CVE-2016-6189 1 Inverse-inc 1 Sogo 2017-02-22 4.0
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
CVE-2016-6191 1 Inverse-inc 1 Sogo 2017-02-22 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.
CVE-2014-9905 1 Inverse-inc 1 Sogo 2017-02-22 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.