15 matches found

Positive Technologies
added 2026/02/04 12:00 a.m. · 4 views

PT-2026-6303

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.150; Group-Office versions prior to 25.0.82; Group-Office versions prior to 26.0.5. Description: An authenticated user with System Administrator privileges can trigger a server-side request forgery (SSRF) through t...

CVSS 8.2 · AI score 5.5 · EPSS 0.00396
Exploits: 1 · References: 7
GithubExploit
added 2025/11/18 7:54 p.m. · 155 views

Exploit for CVE-2025-63406

CVE-2025-63406 PoC Installation bash Install depende...

CVSS 8.8 · AI score 7.4 · EPSS 0.00663
Exploits: 3
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2007-2712

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.01114
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:07 p.m. · 9 views

EUVD-2025-25453

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 4.8 · EPSS 0.00308
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-18452

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.5 · EPSS 0.00206
Exploits: 0 · References: 3
Cvelist
added 2025/08/21 4:29 a.m. · 8 views

CVE-2025-53504

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...

CVSS 5.4 · EPSS 0.00169
Exploits: 0 · References: 2
RedhatCVE
added 2025/06/19 1:10 a.m. · 7 views

CVE-2025-48993

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...

CVSS 5.3 · AI score 5.5 · EPSS 0.00206
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/17 12:43 a.m. · 4 views

CVE-2025-48993 Group-Office vulnerable to reflected XSS via Look and Feel Formatting input

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web applicatio...

CVSS 5.3 · AI score 6 · EPSS 0.00206
Exploits: 0 · References: 3
CVE
added 2025/06/17 12:43 a.m. · 33 views

CVE-2025-48993

Group-Office (enterprise CRM/groupware) is affected by a reflected XSS via the Look and Feel Formatting fields. The issue arises because input in these fields is not properly sanitized. Affected versions: before 6.8.123 and before 25.0.27. Patches exist: 6.8.123 and 25.0.27. Remediation: upgrade ...

CVSS 6.1 · AI score 5.6 · EPSS 0.00206
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2025/06/16 12:00 a.m. · 5 views

PT-2025-25592 · Unknown · Group-Office

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.123; Group-Office versions prior to 25.0.27. Description: A stored and blind cross-site scripting (XSS) issue exists in the Name Field of the user profile. An attacker can change their name to a javascript...

CVSS 6.3 · AI score 5.2 · EPSS 0.00224
Exploits: 1 · References: 7
RedhatCVE
added 2025/05/24 6:13 p.m. · 23 views

CVE-2025-48366

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...

CVSS 7.9 · AI score 6 · EPSS 0.0022
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 9:43 a.m. · 8 views

CVE-2024-23941

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

CVSS 5.4 · AI score 6.5 · EPSS 0.00618
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:33 a.m. · 6 views

CVE-2024-22418

Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...

CVSS 6.5 · AI score 7.5 · EPSS 0.00424
Exploits: 1 · References: 1
NVD
added 2025/05/22 6:15 p.m. · 14 views

CVE-2025-48369

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...

CVSS 6.3 · EPSS 0.00214
Exploits: 1 · References: 1
Positive Technologies
added 2025/05/22 12:00 a.m. · 5 views

PT-2025-22528 · Unknown · Group-Office

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.119; Group-Office versions prior to 25.0.20. Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the Group-Office application, allowing attackers to execute arbitrary JavaScript code in the conte...

CVSS 6.5 · AI score 5.8 · EPSS 0.00218
Exploits: 1 · References: 7