3 matches found
CVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
CVE-2025-61950
CVE-2025-61950 affects Japan Total System GroupSession family (Free edition before ver5.3.0, byCloud before ver5.3.3, ZION before ver5.3.2). Description: an authenticated user can bypass authorization and alter the memo field of a Circular notice due to an improper authorization check. Impact des...
CVE-2021-20785
Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...