Groupsession

Groupsession

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-66284

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:12
  • Zuletzt bearbeitet 17.02.2026 15:07:21

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary ...

6.1

CVE-2025-65120

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:12
  • Zuletzt bearbeitet 17.02.2026 15:09:46

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be ...

5.1

CVE-2025-64781

  • EPSS 0.05%
  • Veröffentlicht 12.12.2025 05:16:11
  • Zuletzt bearbeitet 17.02.2026 15:14:09

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the u...

5.4

CVE-2025-62192

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:10
  • Zuletzt bearbeitet 17.02.2026 15:18:18

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an auth...

6.9

CVE-2025-61987

  • EPSS 0.02%
  • Veröffentlicht 12.12.2025 05:16:07
  • Zuletzt bearbeitet 17.02.2026 15:31:00

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed.

5.3

CVE-2025-61950

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:07
  • Zuletzt bearbeitet 17.02.2026 15:43:09

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are Gr...

5.1

CVE-2025-58576

  • EPSS 0.02%
  • Veröffentlicht 12.12.2025 05:16:07
  • Zuletzt bearbeitet 23.01.2026 02:22:17

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operation...

6.1

CVE-2025-57883

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:07
  • Zuletzt bearbeitet 23.01.2026 02:29:27

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be ...

6.1

CVE-2025-54407

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:07
  • Zuletzt bearbeitet 17.02.2026 15:44:49

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be exe...

5.4

CVE-2025-53523

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 05:16:05
  • Zuletzt bearbeitet 17.02.2026 15:45:09

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary ...