0006158: Cross-Site Scripting (XSS) - Stored - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0006158	SOGo	Web Address Book	public	2025-10-31 14:48	2025-11-02 11:53

Reporter	vrubim	Assigned To
Priority	high	Severity	crash	Reproducibility	always
Status	new	Resolution	open
Platform	[Server] Linux	OS	Ubuntu	OS Version	16.04 LTS
Product Version	5.12.4

Summary	0006158: Cross-Site Scripting (XSS) - Stored
Description	Stored Cross-Site Scripting occurs when an application receives data from an untrusted source and then includes that data in its subsequent HTTP responses in an insecure manner It is possible to set other undefined values in the category name, and to add XSS scripts. Endpoint: /Preferences#!/addressbooks
Steps To Reproduce	see screenshots.
Tags	Security

Date Modified	Username	Field
2025-10-31 14:48	vrubim	New Issue
2025-10-31 14:48	vrubim	Tag Attached: Security
2025-10-31 14:58	vrubim	Note Added: 0018365
2025-10-31 14:58	vrubim	File Added: 4.png
2025-10-31 14:58	vrubim	File Added: 3.png
2025-10-31 14:58	vrubim	File Added: 2.png
2025-10-31 14:58	vrubim	File Added: 1.png

vrubim 2025-10-31 14:58 reporter ~0018365	screenshots addeds 4.png (39,228 bytes) 4.png (39,228 bytes) 3.png (122,891 bytes) 3.png (122,891 bytes) 2.png (41,422 bytes) 2.png (41,422 bytes) 1.png (114,466 bytes) 1.png (114,466 bytes)