CVE-2025-48992

by Fred · 16/06/2025

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Assigner : security-advisories@github.com

More information : https://github.com/Intermesh/groupoffice/commit/2e3695db9cdef1da7a9d754ff4d98f49f6924e2d

CVE-2025-48992

Similar

Recent Posts

Categories

CVE-2025-48992

Share this:

Similar

Recent Posts

Categories

Tags