Intermesh

Group-office

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2026-30238

  • EPSS -
  • Veröffentlicht 06.03.2026 21:14:03
  • Zuletzt bearbeitet 06.03.2026 22:16:01

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter (Base64 JSON) is dec...

2.1

CVE-2026-30237

  • EPSS -
  • Veröffentlicht 06.03.2026 21:13:33
  • Zuletzt bearbeitet 06.03.2026 22:16:01

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field lice...

8.8

CVE-2026-27947

  • EPSS 0.26%
  • Veröffentlicht 27.02.2026 19:52:41
  • Zuletzt bearbeitet 04.03.2026 16:07:30

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path ex...

8.8

CVE-2026-27832

  • EPSS 0.03%
  • Veröffentlicht 27.02.2026 19:49:57
  • Zuletzt bearbeitet 04.03.2026 16:10:29

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on...

4.9

CVE-2026-25511

Exploit
  • EPSS 0.01%
  • Veröffentlicht 04.02.2026 20:40:04
  • Zuletzt bearbeitet 11.02.2026 19:16:29

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL,...

8.8

CVE-2026-25512

Exploit
  • EPSS 12.02%
  • Veröffentlicht 04.02.2026 20:39:08
  • Zuletzt bearbeitet 11.02.2026 19:15:49

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTemp...

8.8

CVE-2026-25134

Exploit
  • EPSS 0.15%
  • Veröffentlicht 02.02.2026 23:16:09
  • Zuletzt bearbeitet 18.02.2026 17:35:28

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip comm...

5.4

CVE-2026-23887

Exploit
  • EPSS 0.05%
  • Veröffentlicht 21.01.2026 23:39:05
  • Zuletzt bearbeitet 18.02.2026 15:03:12

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting ...

8.8

CVE-2025-63406

Exploit
  • EPSS 0.49%
  • Veröffentlicht 13.11.2025 00:00:00
  • Zuletzt bearbeitet 09.01.2026 15:45:50

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php

5.3

CVE-2025-53505

  • EPSS 0.04%
  • Veröffentlicht 21.08.2025 04:29:44
  • Zuletzt bearbeitet 24.09.2025 00:05:17

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.