Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3054

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago

Alinto SOGo cross site scripting

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-347412 | Alinto SOGo cross site scripting vdb-entrytechnical-description
VDB-347412 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #757609 | Inverse / SOGo Community SOGo Groupware 5.12.3 - 5.12.4 Cross Site Scripting third-party-advisory

Affected products

SOGo

==5.12.4
==5.12.3

Matching in nixpkgs

pkgs.sogo

Very fast and scalable modern collaboration suite (groupware)

nixos-unstable 5.12.4
- nixpkgs-unstable 5.12.4
- nixos-unstable-small 5.12.4
nixos-25.11 5.12.4
- nixos-25.11-small 5.12.4
- nixpkgs-25.11-darwin 5.12.4

Package maintainers

@jceb Jan Christoph Ebersbach <jceb@e-jc.de>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.sogo

Package maintainers