15 matches found
PT-2026-6303
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.150; Group-Office versions prior to 25.0.82; Group-Office versions prior to 26.0.5. Description: An authenticated user with System Administrator privileges can trigger a server-side request forgery (SSRF) through t...
Exploit for CVE-2025-63406
CVE-2025-63406 PoC Installation bash Install depende...
EUVD-2007-2712
Malware in sbrugna...
EUVD-2025-25453
Malicious code in bioql PyPI...
EUVD-2025-18452
Malicious code in bioql PyPI...
CVE-2025-53504
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...
CVE-2025-48993
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...
CVE-2025-48993 Group-Office vulnerable to reflected XSS via Look and Feel Formatting input
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...
CVE-2025-48993
Group-Office (enterprise CRM/groupware) is affected by a reflected XSS via the Look and Feel Formatting fields. The issue arises because input in these fields is not properly sanitized. Affected versions: before 6.8.123 and before 25.0.27. Patches exist: 6.8.123 and 25.0.27. Remediation: upgrade ...
PT-2025-25592 · Unknown · Group-Office
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.123; Group-Office versions prior to 25.0.27. Description: A stored and blind cross-site scripting (XSS) issue exists in the Name Field of the user profile. An attacker can change their name to a javascript...
CVE-2025-48366
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...
CVE-2024-23941
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...
CVE-2024-22418
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...
CVE-2025-48369
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...
PT-2025-22528 · Unknown · Group-Office
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.119; Group-Office versions prior to 25.0.20. Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the Group-Office application, allowing attackers to execute arbitrary JavaScript code in the conte...