CVE-2014-9905
Publication date 17 February 2017
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sogo | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
Notes
Patch details
| Package | Patch details |
|---|---|
| sogo |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
6.1 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N