49 matches found
CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...
CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...
CVE-2025-48366
GroupOffice (Intermesh BV) contains a stored blind XSS in the user profile Phone Number field, exploitable prior to versions 6.8.119 and 25.0.20. The payload can persist and execute when other users view the Address Book, enabling actions like forced redirects and unauthorized fetches. Versions 6...
CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...
CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...
CVE-2024-22418 Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...
Groupoffice 3.4.21 Directory Traversal
==================================================================================================================================== | Title : Groupoffice v3.4.21 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
GroupOffice 5.0.44 Cross Site Scripting
============================================================== Title ...| GroupOffice Multiple XSS Version .| groupoffice-com-5.0.44.tar.gz Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| https://www.group-office.com/ ==============================================================...
GroupOffice 3.6.22 Cross Site Request Forgery
------------------------------------------------------------------------ --Description-- A cross-site request forgery vulnerability in GroupOffice 3.6.22 can be exploited to create a new admin. --PoC-- input type="hidden" name="modules"...