Lucene search
K

49 matches found

Cvelist
Cvelist
added 2025/05/22 5:29 p.m.18 views

CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

6.5CVSS0.00218EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/22 5:28 p.m.7 views

CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...

7.9CVSS5.8AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/05/22 5:28 p.m.67 views

CVE-2025-48366

GroupOffice (Intermesh BV) contains a stored blind XSS in the user profile Phone Number field, exploitable prior to versions 6.8.119 and 25.0.20. The payload can persist and execute when other users view the Address Book, enabling actions like forced redirects and unauthorized fetches. Versions 6...

7.9CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/22 5:28 p.m.18 views

CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...

7.9CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 5:28 p.m.4 views

CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...

7.9CVSS6.2AI score0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/18 8:44 p.m.33 views

CVE-2024-22418 Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice

Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...

6.5CVSS6.9AI score0.00424EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2023/08/25 12:0 a.m.338 views

Groupoffice 3.4.21 Directory Traversal

==================================================================================================================================== | Title : Groupoffice v3.4.21 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/02/27 12:0 a.m.31 views

GroupOffice 5.0.44 Cross Site Scripting

============================================================== Title ...| GroupOffice Multiple XSS Version .| groupoffice-com-5.0.44.tar.gz Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| https://www.group-office.com/ ==============================================================...

Exploits0
Packet Storm
Packet Storm
added 2011/03/24 12:0 a.m.34 views

GroupOffice 3.6.22 Cross Site Request Forgery

------------------------------------------------------------------------ --Description-- A cross-site request forgery vulnerability in GroupOffice 3.6.22 can be exploited to create a new admin. --PoC-- input type="hidden" name="modules"...

0.6AI score
Exploits0
Rows per page
Query Builder