VYPR

Groupoffice

by Intermesh

Source repositories

CVEs (26)

  • CVE-2025-48366May 22, 2025
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor…

  • CVE-2025-25191Mar 6, 2025
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.

  • CVE-2024-22418Jan 18, 2024
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance,…

  • CVE-2023-46730Nov 7, 2023
    risk 0.00cvss epss 0.01

    Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make…

  • CVE-2023-25292Apr 27, 2023
    risk 0.00cvss epss 0.01

    Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.

  • CVE-2007-2720May 16, 2007
    risk 0.00cvss epss 0.01

    Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.

Page 2 of 2