VYPR

GroupSession Free edition

by Japan Total System Co.,ltd.

CVEs (18)

  • CVE-2021-20874HigDec 24, 2021
    risk 0.49cvss 7.5epss 0.01

    Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the…

  • CVE-2021-20876MedDec 24, 2021
    risk 0.44cvss 6.8epss 0.01

    Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above…

  • CVE-2025-65120MedDec 12, 2025
    risk 0.40cvss 6.1epss 0.00

    Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser…

  • CVE-2025-57883MedDec 12, 2025
    risk 0.40cvss 6.1epss 0.00

    Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser…

  • CVE-2025-54407MedDec 12, 2025
    risk 0.40cvss 6.1epss 0.00

    Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of…

  • CVE-2021-20875MedDec 24, 2021
    risk 0.40cvss 6.1epss 0.01

    Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by…

  • CVE-2021-20789MedJul 30, 2021
    risk 0.40cvss 6.1epss 0.01

    Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote…

  • CVE-2025-66284MedDec 12, 2025
    risk 0.35cvss 5.4epss 0.00

    Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the…

  • CVE-2025-62192MedDec 12, 2025
    risk 0.35cvss 5.4epss 0.00

    SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user.

  • CVE-2025-53523MedDec 12, 2025
    risk 0.35cvss 5.4epss 0.00

    Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the…

  • CVE-2025-61987MedDec 12, 2025
    risk 0.34cvss 5.3epss 0.00

    GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed.

  • CVE-2025-64781MedDec 12, 2025
    risk 0.31cvss 4.7epss 0.00

    In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an…

  • CVE-2021-20787MedJul 30, 2021
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a…

  • CVE-2021-20785MedJul 30, 2021
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a…

  • CVE-2025-61950MedDec 12, 2025
    risk 0.28cvss 4.3epss 0.00

    In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior…

  • CVE-2025-58576MedDec 12, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed.

  • CVE-2021-20788MedJul 30, 2021
    risk 0.28cvss 4.3epss 0.01

    Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0)…

  • CVE-2021-20786MedJul 30, 2021
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0)…