CVE-2025-66284

Medium CVSS: 4.8

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when another user accesses it.

Vendor

Groupsession

Product

Groupsession

CWE

CWE-79

Yayın Tarihi

2025-12-12 05:16:12

Güncelleme

2026-02-17 15:07:21

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-79 Groupsession MEDIUM Groupsession 2025

Referanslar

https://groupsession.jp/info/info-news/security20251208 https://jvn.jp/en/jp/JVN19940619/

Benzer Kayıtlar

Medium

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud…

Medium

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to v…

Medium

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.…

Medium

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud pr…

Medium

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud…

Medium

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud pri…