CVE-2025-48993

Medium CVSS: 5.3

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

Vendor

Intermesh

Product

Group-office

CWE

CWE-79

Yayın Tarihi

2025-06-17 01:15:22

Güncelleme

2025-09-04 15:57:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Group Office MEDIUM Intermesh 2025

Referanslar

https://github.com/Intermesh/groupoffice/commit/1e2a2450f204174f87a93217838d74718996dcdd https://github.com/Intermesh/groupoffice/commit/a9031884f6a6fbd0f08a8b7790514b5bc0937c11 https://github.com/Intermesh/groupoffice/security/advisories/GHSA-xv2x-v374-92gv

Benzer Kayıtlar

Low

CVE-2026-30237

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, a…

Medium

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, a…

High

CVE-2026-27832

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, an…

Critical

CVE-2026-27947

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, an…

Medium

CVE-2025-48992

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27…

Medium

CVE-2025-48366

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20…