CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

EUVD-2026-33290

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS5.9AI score0.00043EPSS

Exploits0References1

Positive Technologies•added 6 days ago•5 views

PT-2026-44827

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user id via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS5.9AI score0.00043EPSS

Exploits0References2

CNNVD•added 2026/03/27 12:0 a.m.•3 views

groupoffice SQL注入漏洞

GroupOffice is an open-source groupware and CRM solution developed by Intermesh. Versions of GroupOffice prior to 6.8.158, 25.0.92, and 26.0.17 contain SQL injection vulnerabilities. These vulnerabilities stem from authenticated SQL injections at the JMAP Contact/query endpoint, which may lead to...

8.8CVSS6AI score0.00016EPSS

Exploits1References1

RedhatCVE•added 2026/03/08 1:44 a.m.•1 views

CVE-2026-30237

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...

6.1CVSS5.8AI score0.00017EPSS

Exploits1References1

RedhatCVE•added 2026/03/08 1:44 a.m.•3 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

6.1CVSS5.8AI score0.00017EPSS

Exploits1References1

NVD•added 2026/03/06 10:16 p.m.•4 views

CVE-2026-30237

6.1CVSS0.00017EPSS

Exploits1References1

NVD•added 2026/03/06 10:16 p.m.•2 views

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

6.1CVSS0.00017EPSS

Exploits1References1

EUVD•added 2026/03/06 9:14 p.m.•3 views

EUVD-2026-10080

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter Base64 JSON is decoded and then injected into an inline JavaScript...

5.1CVSS5.9AI score0.00017EPSS

Exploits1References1

ATTACKERKB•added 2026/03/06 9:13 p.m.•3 views

CVE-2026-30237

2.1CVSS5.8AI score0.00017EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/06 9:13 p.m.•2 views

CVE-2026-30237 Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php)

2.1CVSS5.8AI score0.00017EPSS

Exploits1References3

EUVD•added 2026/03/06 9:13 p.m.•2 views

EUVD-2026-10079

2.1CVSS5.8AI score0.00017EPSS

Exploits1References1

Vulnrichment•added 2026/03/06 9:13 p.m.•3 views

CVE-2026-30237 Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php)

2.1CVSS5.8AI score0.00017EPSS

Exploits1References1

Cvelist•added 2026/03/06 9:13 p.m.•16 views

CVE-2026-30237 Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php)

2.1CVSS0.00017EPSS

Exploits1References1

CNNVD•added 2026/03/06 12:0 a.m.•4 views

groupoffice 跨站脚本漏洞

GroupOffice is an open-source groupware and CRM developed by Intermesh. Versions of GroupOffice prior to 6.8.155, 25.0.88, and 26.0.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the POST field in the installation script install/license.php, where the field was...

6.1CVSS5.7AI score0.00017EPSS

Exploits1References2

Positive Technologies•added 2026/03/06 12:0 a.m.•2 views

PT-2026-23757

Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.155 Group-Office versions prior to 25.0.88 Group-Office versions prior to 26.0.10 Description Group-Office is a customer relationship management and groupware tool. A reflected cross-site scripting XSS issue...

2.1CVSS5.7AI score0.00017EPSS

Exploits1References3

Positive Technologies•added 2026/03/06 12:0 a.m.•4 views

PT-2026-23758

5.1CVSS6AI score0.00017EPSS

Exploits1References3

CNNVD•added 2026/03/06 12:0 a.m.•4 views

groupoffice 跨站脚本漏洞

GroupOffice is an open-source groupware and CRM developed by Intermesh. Versions of GroupOffice prior to 6.8.155, 25.0.88, and 26.0.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the f parameter in the external/index process being decoded without proper escapin...

6.1CVSS5.7AI score0.00017EPSS

Exploits1References2

CNNVD•added 2026/02/27 12:0 a.m.•4 views

groupoffice SQL注入漏洞

GroupOffice is an open-source groupware and CRM solution developed by Intermesh. Versions of GroupOffice prior to 26.0.8, 25.0.87, and 6.8.153 contain SQL injection vulnerabilities. These vulnerabilities stem from improper handling of the advancedQueryData parameter, which may lead to SQL injecti...

8.8CVSS5.9AI score0.00043EPSS

Exploits0References2

NVD•added 2026/02/04 9:16 p.m.•4 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS0.23825EPSS

Exploits2References2