855 matches found
CVE-2009-3172
Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights...
Tiki Wiki CMS Groupware < 21.12, 22.0 < 24.8, 25.0 < 27.2, 28.0 < 28.3 Code Injection Vulnerability
Tiki Wiki CMS Groupware is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Tiki Wiki CMS Groupware <= 29.0 Multiple XSS Vulnerabilities
Tiki Wiki CMS Groupware is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Tiki Wiki CMS Groupware < 28.0 Multiple Vulnerabilities
Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-25191
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100...
CVE-2025-25198
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...
CVE-2025-25198
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...
CVE-2021-26630
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...
Debian dla-3924 : php-horde-mime-viewer - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3924 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3924-1 [email protected] https://www.debian.org/lts/security/...
CVE-2024-41960
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
CVE-2024-41959
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
CVE-2024-41960 Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
CVE-2024-41960
CVE-2024-41960 affects mailcow: dockerized (Relay Hosts configuration). An authenticated admin can inject a JavaScript payload into the Relay Hosts config, and the payload executes in the user’s browser when the configuration page is viewed, enabling arbitrary script execution in the user context...
CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...
Fedora: Security Advisory (FEDORA-2024-123f2b3666)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39
The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...
[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40
The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...
CVE-2024-31204
CVE-2024-31204 affects mailcow: dockerized prior to 2024-04. The issue is in the exception handling path when DEV_MODE is disabled: exception details are stored in a session array without proper sanitization and later rendered into HTML/JavaScript without escaping, enabling Cross-Site Scripting (...
Axigen 安全漏洞
Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A security vulnerability exists in Axigen version 10.x prior to 10.3.3.62, which stems from the presence of a cross-site scripting XSS vulnerability...
CVE-2024-22418
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...