CVE-2026-30237

Low CVSS: 2.1

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a <textarea>, allowing a </textarea><script>...</script> breakout.. This issue has been patched in versions 6.8.155, 25.0.88, and 26.0.10.

Vendor

Intermesh

Product

Group-office

CWE

CWE-79

Yayın Tarihi

2026-03-06 22:16:01

Güncelleme

2026-03-11 13:33:49

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Group Office LOW Intermesh 2026

Referanslar

https://github.com/Intermesh/groupoffice/security/advisories/GHSA-hchr-32xh-x5rx

Benzer Kayıtlar

Medium

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, a…

High

CVE-2026-27832

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, an…

Critical

CVE-2026-27947

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, an…

Medium

CVE-2025-48993

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27…

Medium

CVE-2025-48992

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27…

Medium

CVE-2025-48366

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20…