CVE-2025-48992 Group-Office vulnerable to blind XSS

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting XSS vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, whi...

PT-2025-22529 · Unknown · Group-Office

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.119 and 25.0.20 Description: The issue is a persistent Cross-Site Scripting XSS vulnerability in Group-Office's tasks comment functionality. This allows attackers to execute arbitrary JavaScript by uploading...