VDB-215961 · CVE-2022-4558 · GCVE-100-215961

Alinto SOGo ଯେପର୍ଯ୍ୟନ୍ତ 5.7.1 Folder/Mail NSString+Utilities.m କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Rakkoon nageenyaa kan ସମସ୍ୟାଜନକ jedhamuun beekamu Alinto SOGo ଯେପର୍ଯ୍ୟନ୍ତ 5.7.1 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii SoObjects/SOGo/NSString+Utilities.m keessa kutaa Folder/Mail Handler keessa. Hojii jijjiirraa gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-79 geessa. Dadhabbii kana yeroo 12/16/2022 maxxanfameera akka 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2022-4558tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 1e0f5f00890f751e84d67be4f139dd7f00faa5f3 dha. Sirreeffamni rakkoo github.com irratti buufachuuf qophaa’eera. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 67 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/16/2022 03:28 PM	ଅଦ୍ୟତନ 1/2 01/13/2023 01:00 PM	ଅଦ୍ୟତନ 2/2 01/13/2023 01:09 PM
software_vendor	Alinto	Alinto	Alinto
software_name	SOGo	SOGo	SOGo
software_version	<=5.7.1	<=5.7.1	<=5.7.1
software_component	Folder/Mail Handler	Folder/Mail Handler	Folder/Mail Handler
software_file	SoObjects/SOGo/NSString+Utilities.m	SoObjects/SOGo/NSString+Utilities.m	SoObjects/SOGo/NSString+Utilities.m
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	1e0f5f00890f751e84d67be4f139dd7f00faa5f3	1e0f5f00890f751e84d67be4f139dd7f00faa5f3	1e0f5f00890f751e84d67be4f139dd7f00faa5f3
advisory_url	https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3	https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3	https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version	5.8.0	5.8.0	5.8.0
countermeasure_upgrade_url	https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0	https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0	https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0
patch_name	1e0f5f00890f751e84d67be4f139dd7f00faa5f3	1e0f5f00890f751e84d67be4f139dd7f00faa5f3	1e0f5f00890f751e84d67be4f139dd7f00faa5f3
countermeasure_patch_url	https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3	https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3	https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
source_cve	CVE-2022-4558	CVE-2022-4558	CVE-2022-4558
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1671145200 (12/16/2022)	1671145200 (12/16/2022)	1671145200 (12/16/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.4
cvss3_meta_tempscore	3.4	3.4	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1671145200 (12/16/2022)	1671145200 (12/16/2022)
cve_nvd_summary		A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability.	A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			3.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!