CVE-2025-64781

Medium CVSS: 5.1

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.

Vendor

Groupsession

Product

Groupsession

CWE

CWE-1188

Yayın Tarihi

2025-12-12 05:16:11

Güncelleme

2026-02-17 15:14:09

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-1188 Groupsession MEDIUM Groupsession 2025

Referanslar

https://groupsession.jp/info/info-news/security20251208 https://jvn.jp/en/jp/JVN19940619/

Benzer Kayıtlar

Medium

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud…

Medium

CVE-2025-66284

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud p…

Medium

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.…

Medium

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud pr…

Medium

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud…

Medium

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud pri…