12 matches found
CVE-2025-48366
GroupOffice (Intermesh BV) contains a stored blind XSS in the user profile Phone Number field, exploitable prior to versions 6.8.119 and 25.0.20. The payload can persist and execute when other users view the Address Book, enabling actions like forced redirects and unauthorized fetches. Versions 6...
CVE-2010-3428
CVE-2010-3428 affects Intermesh Group-Office 3.5.9. The vulnerability is an SQL injection in the file modules/notes/json.php, exploitable via the category_id parameter in a category action. This allows remote attackers to manipulate the database (arbitrary SQL commands) without authentication, as...
CVE-2025-48369
CVE-2025-48369 affects Group-Office (enterprise CRM/groupware). A persistent XSS flaw exists in the tasks comment feature where uploading a file with a crafted filename allows arbitrary JavaScript to run when users view the task comment. The issue stems from failing to sanitize image filenames be...
CVE-2025-48368
The CVE-2025-48368 entry concerns GroupOffice, an enterprise groupware/CRM product. A DOM-based Cross-Site Scripting (XSS) vulnerability exists in all date-input related processing, allowing an attacker to execute arbitrary JavaScript in the victim’s browser. Affected versions are prior to 6.8.11...
CVE-2025-48993
Group-Office (enterprise CRM/groupware) is affected by a reflected XSS via the Look and Feel Formatting fields. The issue arises because input in these fields is not properly sanitized. Affected versions: before 6.8.123 and before 25.0.27. Patches exist: 6.8.123 and 25.0.27. Remediation: upgrade ...
CVE-2026-34838
Group-Office contains an authenticated RCE in the AbstractSettingsCollection deserialization path. Before versions 6.8.156, 25.0.90, and 26.0.12, an attacker can inject a serialized FileCookieJar into a settings string, causing Arbitrary File Write and server RCE. This is fixed in 6.8.156, 25.0.9...
CVE-2025-48992
Group-Office is affected by a stored and blind XSS in the Name field of user profiles for versions prior to 6.8.123 and prior to 25.0.27. The vulnerability allows an attacker to set their name to a JavaScript payload, which executes when the compromised user adds that attacker to Synchronization ...
CVE-2026-27947
CVE-2026-27947 affects Group-Office and enables authenticated Remote Code Execution through the TNEF attachment processing flow. In affected versions (prior to 26.0.9, 25.0.87, and 6.8.154), processing winmail.dat extracts attacker-controlled files and then calls zip with a shell wildcard. Due to...
CVE-2026-30237
Group-Office (enterprise CRM/groupware) is affected by a reflected XSS in the installer at install/license.php. Versions prior to 6.8.155, 25.0.88, and 26.0.10 render the POST parameter license inside a textarea without escaping, enabling a breakout sequence such as . This could allow arbitrary s...
CVE-2026-30238
CVE-2026-30238 affects Group-Office. A reflected XSS in the external/index flow arises from the f parameter (Base64 JSON) being decoded and injected into an inline JavaScript block without strict escaping, enabling arbitrary JavaScript execution in the victim’s browser. Affected versions are prio...
CVE-2026-27832
Group-Office (enterprise CRM/groupware) is affected by an authenticated SQL Injection in the advancedQueryData parameter (comparator) on index.php?r=email/template/emailSelection. Pre-fix versions 26.0.8, 25.0.87, and 6.8.153 process advancedQueryData with a weak allowlist, enabling blind boolean...
CVE-2026-33755
Group-Office (enterprise CRM/groupware) has an authenticated SQL Injection in the JMAP Contact/query endpoint affecting versions before 6.8.158, 25.0.92, and 26.0.17. An authenticated user with basic addressbook access can extract arbitrary data from the database, including active session tokens ...