## https://sploitus.com/exploit?id=3838F495-C9CA-50ED-A343-987DC0F0A8A8
# CVE-2023-48104
HTML Injection in Alinto/SOGo Web Client
## Vendor of Product
Alinto
## Vulnerability Type
HTML Injection
## Affected Versions
SOGo Web Mail < 5.9.1
## Attack Vectors
Phishing - In the body of the message, you can inject a malicious form that will send the entered data to the attacker.
## Additional Information
The fix to prevent form tag in mail body has been made -> https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098
## Discoverer
Spiridonov Ivan/E1tex
## PoC
For demonstration purposes only. PoC Exploit works on SOGo vulnerable clients.