CVE-2026-25511
- EPSS 0.01%
- Published 04.02.2026 20:40:04
- Last modified 11.02.2026 19:16:29
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL,...
CVE-2026-25512
- EPSS 12.02%
- Published 04.02.2026 20:39:08
- Last modified 11.02.2026 19:15:49
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTemp...
CVE-2026-25134
- EPSS 0.13%
- Published 02.02.2026 23:16:09
- Last modified 18.02.2026 17:35:28
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip comm...
CVE-2026-23887
- EPSS 0.05%
- Published 21.01.2026 23:39:05
- Last modified 18.02.2026 15:03:12
Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting ...
CVE-2025-63406
- EPSS 0.49%
- Published 13.11.2025 00:00:00
- Last modified 09.01.2026 15:45:50
An issue in Intermesh BV GroupOffice before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via dbToApi() and eval() in FunctionField.php.
CVE-2025-53505
- EPSS 0.04%
- Published 21.08.2025 04:29:44
- Last modified 24.09.2025 00:05:17
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.
CVE-2025-53504
- EPSS 0.03%
- Published 21.08.2025 04:29:14
- Last modified 24.09.2025 00:14:41
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.
CVE-2025-25191
- EPSS 0.22%
- Published 06.03.2025 19:15:27
- Last modified 10.10.2025 20:11:15
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.
CVE-2024-23941
- EPSS 0.2%
- Published 01.02.2024 04:15:49
- Last modified 04.06.2025 16:15:35
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the...
CVE-2024-22418
- EPSS 0.24%
- Published 18.01.2024 21:15:09
- Last modified 21.11.2024 08:56:14
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a ...