Group-office Security Vulnerabilities and Issues — Group-office CVE List

Lucene search

IntermeshGroup-office

7 matches found

CVE•added 2025/05/22 6:15 p.m.•50 views

CVE-2025-48366

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persistent ...

7.9CVSS5.8AI score0.00046EPSS

CVE•added 2025/05/22 6:15 p.m.•47 views

CVE-2025-48368

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

6.5CVSS5.7AI score0.00041EPSS

CVE•added 2023/11/07 6:15 p.m.•43 views

CVE-2023-46730

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to...

8.8CVSS8AI score0.0019EPSS

Web

CVE•added 2025/05/22 6:15 p.m.•43 views

CVE-2025-48369

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...

6.3CVSS5.2AI score0.00037EPSS

CVE•added 2010/09/16 10:0 p.m.•39 views

CVE-2010-3428

SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.

7.5CVSS8.6AI score0.00107EPSS

Web

CVE•added 2025/06/17 1:15 a.m.•18 views

CVE-2025-48993

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application ...

6.1CVSS5.6AI score0.00039EPSS

CVE•added 2025/06/16 11:15 p.m.•15 views

CVE-2025-48992

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, whi...

6.3CVSS5.2AI score0.00046EPSS