CVE-2025-61987

Medium CVSS: 6.9

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed.

Vendor

Groupsession

Product

Groupsession

CWE

CWE-1385

Yayın Tarihi

2025-12-12 05:16:07

Güncelleme

2026-02-17 15:31:00

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-1385 Groupsession MEDIUM Groupsession 2025

Referanslar

https://groupsession.jp/info/info-news/security20251208 https://jvn.jp/en/jp/JVN19940619/

Benzer Kayıtlar

Medium

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud…

Medium

CVE-2025-66284

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud p…

Medium

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to v…

Medium

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.…

Medium

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud pr…

Medium

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud…