Nixpkgs security tracker

Permalink CVE-2026-3054

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Alinto SOGo cross site scripting

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-347412 | Alinto SOGo cross site scripting vdb-entrytechnical-description
VDB-347412 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #757609 | Inverse / SOGo Community SOGo Groupware 5.12.3 - 5.12.4 Cross Site Scripting third-party-advisory

Affected products

SOGo

==5.12.4
==5.12.3

Matching in nixpkgs

pkgs.sogo

Very fast and scalable modern collaboration suite (groupware)

nixos-unstable 5.12.4
- nixpkgs-unstable 5.12.4
- nixos-unstable-small 5.12.4
nixos-25.11 5.12.4
- nixos-25.11-small 5.12.4
- nixpkgs-25.11-darwin 5.12.4

Package maintainers

@jceb Jan Christoph Ebersbach <jceb@e-jc.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.sogo

Package maintainers