Lucene search
K

4 matches found

NVD
NVD
added 2025/06/17 1:15 a.m.11 views

CVE-2025-48993

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...

6.1CVSS0.00211EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/17 12:43 a.m.6 views

CVE-2025-48993 Group-Office vulnerable to reflected XSS via Look and Feel Formatting input

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...

5.3CVSS6AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/06/17 12:43 a.m.37 views

CVE-2025-48993

Group-Office (enterprise CRM/groupware) is affected by a reflected XSS via the Look and Feel Formatting fields. The issue arises because input in these fields is not properly sanitized. Affected versions: before 6.8.123 and before 25.0.27. Patches exist: 6.8.123 and 25.0.27. Remediation: upgrade ...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/06/17 12:43 a.m.14 views

CVE-2025-48993 Group-Office vulnerable to reflected XSS via Look and Feel Formatting input

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...

5.3CVSS0.00211EPSS
Exploits0References3
Rows per page
Query Builder