CVE-2014-9905

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in
SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or
HTML via the (1) title of an appointment or (2) contact fields.
Notes
 tyhicks> upstream bug tracker says this is fixed in 2.2.0
More Information

Updated: 2019-01-14 21:16:25 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)