Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources HR and enterprise resource planning ERP platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to...

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

Japan Total System多款产品 跨站脚本漏洞

Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site scripting vulnerability exists in various Japan Total System products, which stems from a stored cross-site scripting vulnerability that could result in...

Japan Total System多款产品 跨站脚本漏洞

Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site scripting vulnerability exists in various Japan Total System products, which stems from a stored cross-site scripting issue that could lead to arbitrary scri...

PT-2025-50872

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVE-2021-20789

Open redirect vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to redirect a us...

CVE-2021-20787

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...