Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T14:02:38.158Z
Reserved: 2016-07-09T00:00:00
Link: CVE-2014-9905

No data.

Status : Deferred
Published: 2017-02-17T17:59:00.140
Modified: 2025-04-20T01:37:25.860
Link: CVE-2014-9905

No data.

No data.