CVE-2016-6191

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6191

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6191.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6191

Downstream

DEBIAN-CVE-2016-6191

UBUNTU-CVE-2016-6191

Published

2017-02-17T17:59:00Z

Modified

2025-10-21T03:52:42.469744Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.

References

Affected packages

Git / github.com/alinto/sogo

Affected ranges

Type: GIT
Repo: https://github.com/alinto/sogo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

64ce3c9c22fd9a28caabf11e76216cd53d0245aa

Affected versions

SOGo-2.*

SOGo-2.0.0

SOGo-2.0.1

SOGo-2.0.2

SOGo-2.2.17a

SOGo-2.2.20

SOGo-2.3.0

SOGo-3.*

SOGo-3.0.0

SOGo-3.0.0b1

SOGo-3.0.0b2

SOGo-3.0.0b3

SOGo-3.0.0b4

SOGo-3.0.0b5

SOGo-3.0.1

SOGo-3.0.2

SOGo-3.1.0

SOGo-3.1.2