Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-71276

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 4 weeks ago

SOGo before 5.12.5 is prone to a XSS vulnerability with …

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

References

https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1

Affected products

SOGo

<5.12.5

Matching in nixpkgs

pkgs.sogo

Very fast and scalable modern collaboration suite (groupware)

nixos-unstable 5.12.4
- nixpkgs-unstable 5.12.4
- nixos-unstable-small 5.12.4
nixos-25.11 5.12.4
- nixos-25.11-small 5.12.4
- nixpkgs-25.11-darwin 5.12.4

Package maintainers

@jceb Jan Christoph Ebersbach <jceb@e-jc.de>