Search criteria
17 vulnerabilities by group-office
CVE-2026-25511 (GCVE-0-2026-25511)
Vulnerability from cvelistv5 – Published: 2026-02-04 20:40 – Updated: 2026-02-05 21:02
VLAI
Title
Group-Office is vulnerable to SSRF and File Read in WOPI service discovery
Summary
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built‑in debug system, turning it into a visible SSRF. This also allows full server-side file read. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| https://github.com/Intermesh/groupoffice/commit/5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
< 6.8.150
Affected: < 25.0.82 Affected: < 26.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25511",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T21:02:18.815073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T21:02:22.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.150"
},
{
"status": "affected",
"version": "\u003c 25.0.82"
},
{
"status": "affected",
"version": "\u003c 26.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built\u2011in debug system, turning it into a visible SSRF. This also allows full server-side file read. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:40:04.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3c2af42b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3c2af42b3"
}
],
"source": {
"advisory": "GHSA-r9v4-jm2r-r9pm",
"discovery": "UNKNOWN"
},
"title": "Group-Office is vulnerable to SSRF and File Read in WOPI service discovery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25511",
"datePublished": "2026-02-04T20:40:04.317Z",
"dateReserved": "2026-02-02T18:21:42.486Z",
"dateUpdated": "2026-02-05T21:02:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25512 (GCVE-0-2026-25512)
Vulnerability from cvelistv5 – Published: 2026-02-04 20:39 – Updated: 2026-02-05 21:03
VLAI
Title
Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler
Summary
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| http://github.com/Intermesh/groupoffice/commit/6c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
< 6.8.150
Affected: < 25.0.82 Affected: < 26.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25512",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T21:03:20.946470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T21:03:24.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.150"
},
{
"status": "affected",
"version": "\u003c 25.0.82"
},
{
"status": "affected",
"version": "\u003c 26.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:39:08.039Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4"
},
{
"name": "http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792",
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792"
}
],
"source": {
"advisory": "GHSA-579w-jvg7-frr4",
"discovery": "UNKNOWN"
},
"title": "Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25512",
"datePublished": "2026-02-04T20:39:08.039Z",
"dateReserved": "2026-02-02T18:21:42.486Z",
"dateUpdated": "2026-02-05T21:03:24.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25134 (GCVE-0-2026-25134)
Vulnerability from cvelistv5 – Published: 2026-02-02 22:40 – Updated: 2026-02-04 16:53
VLAI
Title
Group-Office Argument Injection in MaintenanceController::actionZipLanguage
Summary
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec(). This can be combined with uploading a crafted zip file to achieve remote code execution. This vulnerability is fixed in 6.8.150, 25.0.82, and 26.0.5.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| https://github.com/Intermesh/groupoffice/commit/d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
< 6.8.150
Affected: >= 25.0.0, < 25.0.82 Affected: >= 26.0.0, < 26.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T15:54:26.783842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:53:26.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.150"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.82"
},
{
"status": "affected",
"version": "\u003e= 26.0.0, \u003c 26.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec(). This can be combined with uploading a crafted zip file to achieve remote code execution. This vulnerability is fixed in 6.8.150, 25.0.82, and 26.0.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T22:40:15.094Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-v39j-549w-8849",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-v39j-549w-8849"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/d28490a6a29936db7888aa841ab8ade88800540b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/d28490a6a29936db7888aa841ab8ade88800540b"
}
],
"source": {
"advisory": "GHSA-v39j-549w-8849",
"discovery": "UNKNOWN"
},
"title": "Group-Office Argument Injection in MaintenanceController::actionZipLanguage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25134",
"datePublished": "2026-02-02T22:40:15.094Z",
"dateReserved": "2026-01-29T14:03:42.540Z",
"dateUpdated": "2026-02-04T16:53:26.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23887 (GCVE-0-2026-23887)
Vulnerability from cvelistv5 – Published: 2026-01-21 23:39 – Updated: 2026-01-22 21:52
VLAI
Title
Group-Office has stored XSS vulnerability via unsanitized filenames
Summary
Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially crafted file names within the Group-Office application are affected. While the scope is limited to the file-viewing context, it could still be used to interfere with user sessions or perform unintended actions in the browser. This issue is fixed in versions 6.8.149 and 25.0.80.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| https://github.com/Intermesh/groupoffice/commit/3… | x_refsource_MISC |
| https://github.com/Intermesh/groupoffice/commit/a… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
< 6.8.149
Affected: >= 25.0.1, < 25.0.80 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T21:52:26.742400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:52:37.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.149"
},
{
"status": "affected",
"version": "\u003e= 25.0.1, \u003c 25.0.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially crafted file names within the Group-Office application are affected. While the scope is limited to the file-viewing context, it could still be used to interfere with user sessions or perform unintended actions in the browser. This issue is fixed in versions 6.8.149 and 25.0.80."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T23:39:05.160Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-3gj5-gvvr-g6hp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-3gj5-gvvr-g6hp"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/3fa40d7edd31fbe33babe07061d5a14ad19ea40f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/3fa40d7edd31fbe33babe07061d5a14ad19ea40f"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/ac91b128157bc9c5ea015b6141ce71cd3bbc43f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/ac91b128157bc9c5ea015b6141ce71cd3bbc43f0"
}
],
"source": {
"advisory": "GHSA-3gj5-gvvr-g6hp",
"discovery": "UNKNOWN"
},
"title": "Group-Office has stored XSS vulnerability via unsanitized filenames"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23887",
"datePublished": "2026-01-21T23:39:05.160Z",
"dateReserved": "2026-01-16T21:02:02.902Z",
"dateUpdated": "2026-01-22T21:52:37.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-63406 (GCVE-0-2025-63406)
Vulnerability from cvelistv5 – Published: 2025-11-13 00:00 – Updated: 2025-11-19 14:27
VLAI
Summary
An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-63406",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T16:56:34.384338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:58:27.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:27:09.172Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://noahheraud.com/posts/CVE-2025-63406/"
},
{
"url": "https://github.com/WinDyAlphA/CVE-2025-63406-PoC"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-63406",
"datePublished": "2025-11-13T00:00:00.000Z",
"dateReserved": "2025-10-27T00:00:00.000Z",
"dateUpdated": "2025-11-19T14:27:09.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53505 (GCVE-0-2025-53505)
Vulnerability from cvelistv5 – Published: 2025-08-21 04:29 – Updated: 2025-08-21 15:46
VLAI
Summary
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh BV | Group-Office |
Affected:
prior to 6.8.119
|
|
| Intermesh BV | Group-Office |
Affected:
prior to 25.0.20
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T15:46:29.265569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T15:46:36.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Group-Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to 6.8.119"
}
]
},
{
"product": "Group-Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to 25.0.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T04:29:44.539Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.group-office.com/"
},
{
"url": "https://jvn.jp/en/jp/JVN72111431/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53505",
"datePublished": "2025-08-21T04:29:44.539Z",
"dateReserved": "2025-07-01T07:31:26.725Z",
"dateUpdated": "2025-08-21T15:46:36.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53504 (GCVE-0-2025-53504)
Vulnerability from cvelistv5 – Published: 2025-08-21 04:29 – Updated: 2025-08-21 15:47
VLAI
Summary
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh BV | Group-Office |
Affected:
prior to 6.8.119
|
|
| Intermesh BV | Group-Office |
Affected:
prior to 25.0.20
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T15:46:55.592527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T15:47:02.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Group-Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to 6.8.119"
}
]
},
{
"product": "Group-Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to 25.0.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user\u0027s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T04:29:14.292Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.group-office.com/"
},
{
"url": "https://jvn.jp/en/jp/JVN72111431/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53504",
"datePublished": "2025-08-21T04:29:14.292Z",
"dateReserved": "2025-07-01T07:31:26.725Z",
"dateUpdated": "2025-08-21T15:47:02.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25191 (GCVE-0-2025-25191)
Vulnerability from cvelistv5 – Published: 2025-03-06 18:41 – Updated: 2025-03-06 20:35
VLAI
Title
Group-Office has a Stored XSS Vulnerability via user's name field
Summary
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| https://github.com/Intermesh/groupoffice/commit/c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
< 6.8.100
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25191",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:35:01.606030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:35:12.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T18:41:00.761Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda"
}
],
"source": {
"advisory": "GHSA-j7p3-v652-p3gf",
"discovery": "UNKNOWN"
},
"title": "Group-Office has a Stored XSS Vulnerability via user\u0027s name field"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25191",
"datePublished": "2025-03-06T18:41:00.761Z",
"dateReserved": "2025-02-03T19:30:53.399Z",
"dateUpdated": "2025-03-06T20:35:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23941 (GCVE-0-2024-23941)
Vulnerability from cvelistv5 – Published: 2024-02-01 03:56 – Updated: 2025-06-04 15:25
VLAI
Summary
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site scripting (XSS)
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh BV | Group Office |
Affected:
prior to v6.6.182
|
|
| Intermesh BV | Group Office |
Affected:
prior to v6.7.64
|
|
| Intermesh BV | Group Office |
Affected:
prior to v6.8.31
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T18:46:18.532239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T15:25:00.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Intermesh/groupoffice/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.group-office.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63567545/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Group Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to v6.6.182"
}
]
},
{
"product": "Group Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to v6.7.64"
}
]
},
{
"product": "Group Office",
"vendor": "Intermesh BV",
"versions": [
{
"status": "affected",
"version": "prior to v6.8.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T03:56:12.231Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/Intermesh/groupoffice/"
},
{
"url": "https://www.group-office.com/"
},
{
"url": "https://jvn.jp/en/jp/JVN63567545/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23941",
"datePublished": "2024-02-01T03:56:12.231Z",
"dateReserved": "2024-01-24T01:34:18.418Z",
"dateUpdated": "2025-06-04T15:25:00.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22418 (GCVE-0-2024-22418)
Vulnerability from cvelistv5 – Published: 2024-01-18 20:44 – Updated: 2025-06-17 21:19
VLAI
Title
Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice
Summary
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as “><img src=x onerror=prompt('XSS')>.jpg” triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| https://github.com/Intermesh/groupoffice/commit/2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
< 6.8.29
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-19T17:02:28.558815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:22.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file\u0027s name. For instance, using a filename such as \u201c\u003e\u003cimg src=x onerror=prompt(\u0027XSS\u0027)\u003e.jpg\u201d triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T20:44:57.229Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09"
}
],
"source": {
"advisory": "GHSA-p7w9-h6c3-wqpp",
"discovery": "UNKNOWN"
},
"title": "Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22418",
"datePublished": "2024-01-18T20:44:57.229Z",
"dateReserved": "2024-01-10T15:09:55.552Z",
"dateUpdated": "2025-06-17T21:19:22.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46730 (GCVE-0-2023-46730)
Vulnerability from cvelistv5 – Published: 2023-11-07 17:35 – Updated: 2024-09-04 15:56
VLAI
Title
Server-Side Request Forgery in groupoffice
Summary
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Intermesh/groupoffice/security… | x_refsource_CONFIRM |
| https://github.com/Intermesh/groupoffice/commit/9… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Intermesh | groupoffice |
Affected:
>= 6.3.0, < 6.6.177
Affected: >= 6.7.0, < 6.7.54 Affected: >= 6.8.0, < 6.8.15 |
|
| intermesh | group-office |
Affected:
6.30 , < 6.6.177
(custom)
Affected: 6.70 , < 6.7.54 (custom) Affected: 6.80 , < 6.8.15 (custom) cpe:2.3:a:intermesh:group-office:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/99205535e8cec6592fd7f1469837926f27c72d50",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Intermesh/groupoffice/commit/99205535e8cec6592fd7f1469837926f27c72d50"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intermesh:group-office:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "group-office",
"vendor": "intermesh",
"versions": [
{
"lessThan": "6.6.177",
"status": "affected",
"version": "6.30",
"versionType": "custom"
},
{
"lessThan": "6.7.54",
"status": "affected",
"version": "6.70",
"versionType": "custom"
},
{
"lessThan": "6.8.15",
"status": "affected",
"version": "6.80",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:52:27.981201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:56:13.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "groupoffice",
"vendor": "Intermesh",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.3.0, \u003c 6.6.177"
},
{
"status": "affected",
"version": "\u003e= 6.7.0, \u003c 6.7.54"
},
{
"status": "affected",
"version": "\u003e= 6.8.0, \u003c 6.8.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T17:35:36.332Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vw6c-h82w-mvfv"
},
{
"name": "https://github.com/Intermesh/groupoffice/commit/99205535e8cec6592fd7f1469837926f27c72d50",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Intermesh/groupoffice/commit/99205535e8cec6592fd7f1469837926f27c72d50"
}
],
"source": {
"advisory": "GHSA-vw6c-h82w-mvfv",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery in groupoffice "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46730",
"datePublished": "2023-11-07T17:35:36.332Z",
"dateReserved": "2023-10-25T14:30:33.751Z",
"dateUpdated": "2024-09-04T15:56:13.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25292 (GCVE-0-2023-25292)
Vulnerability from cvelistv5 – Published: 2023-04-27 00:00 – Updated: 2025-01-31 19:07
VLAI
Summary
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://group-office.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://intermesh.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/brainkok/CVE-2023-25292"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25292",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:06:41.682893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:07:54.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://group-office.com"
},
{
"url": "http://intermesh.com"
},
{
"url": "https://github.com/brainkok/CVE-2023-25292"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25292",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-02-06T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:07:54.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28060 (GCVE-0-2021-28060)
Vulnerability from cvelistv5 – Published: 2021-04-14 16:11 – Updated: 2024-08-03 21:33
VLAI
Summary
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fatihhcelik.blogspot.com/2020/12/group-of… | x_refsource_MISC |
| https://fatihhcelik.github.io/posts/Group-Office-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T16:11:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html"
},
{
"name": "https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/",
"refsource": "MISC",
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28060",
"datePublished": "2021-04-14T16:11:18.000Z",
"dateReserved": "2021-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:17.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35418 (GCVE-0-2020-35418)
Vulnerability from cvelistv5 – Published: 2021-04-14 16:11 – Updated: 2024-08-04 17:02
VLAI
Summary
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fatihhcelik.blogspot.com/2020/12/group-of… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T16:11:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35418",
"datePublished": "2021-04-14T16:11:16.000Z",
"dateReserved": "2020-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:07.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35419 (GCVE-0-2020-35419)
Vulnerability from cvelistv5 – Published: 2021-04-14 16:11 – Updated: 2024-08-04 17:02
VLAI
Summary
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fatihhcelik.github.io/posts/Group-Office-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T16:11:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/",
"refsource": "MISC",
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35419",
"datePublished": "2021-04-14T16:11:14.000Z",
"dateReserved": "2020-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:02:08.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4240 (GCVE-0-2012-4240)
Vulnerability from cvelistv5 – Published: 2014-09-11 14:00 – Updated: 2024-08-06 20:28
VLAI
Summary
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/21056 | exploitx_refsource_EXPLOIT-DB |
| http://www.reactionpenetrationtesting.co.uk/group… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/55383 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/85171 | vdb-entryx_refsource_OSVDB |
Date Public
2012-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:28:07.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21056",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/21056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/group-office-sqli.html"
},
{
"name": "groupoffice-json-sort-sql-injection(78253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78253"
},
{
"name": "55383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55383"
},
{
"name": "20120903 Group-Office Calendar SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0011.html"
},
{
"name": "85171",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21056",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/21056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/group-office-sqli.html"
},
{
"name": "groupoffice-json-sort-sql-injection(78253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78253"
},
{
"name": "55383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55383"
},
{
"name": "20120903 Group-Office Calendar SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0011.html"
},
{
"name": "85171",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21056",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/21056"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/group-office-sqli.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/group-office-sqli.html"
},
{
"name": "groupoffice-json-sort-sql-injection(78253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78253"
},
{
"name": "55383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55383"
},
{
"name": "20120903 Group-Office Calendar SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0011.html"
},
{
"name": "85171",
"refsource": "OSVDB",
"url": "http://osvdb.org/85171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4240",
"datePublished": "2014-09-11T14:00:00.000Z",
"dateReserved": "2012-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:28:07.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2720 (GCVE-0-2007-2720)
Vulnerability from cvelistv5 – Published: 2007-05-16 19:00 – Updated: 2024-08-07 13:49
VLAI
Summary
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/25369 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1773 | vdb-entryx_refsource_VUPEN |
| http://group-office.svn.sourceforge.net/viewvc/gr… | x_refsource_MISC |
| http://www.securityfocus.com/bid/23925 | vdb-entryx_refsource_BID |
Date Public
2007-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25369"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=498556\u0026group_id=76359"
},
{
"name": "ADV-2007-1773",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1773"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev\u0026revision=261"
},
{
"name": "23925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25369"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=498556\u0026group_id=76359"
},
{
"name": "ADV-2007-1773",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1773"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev\u0026revision=261"
},
{
"name": "23925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25369"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=498556\u0026group_id=76359",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=498556\u0026group_id=76359"
},
{
"name": "ADV-2007-1773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1773"
},
{
"name": "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev\u0026revision=261",
"refsource": "MISC",
"url": "http://group-office.svn.sourceforge.net/viewvc/group-office?view=rev\u0026revision=261"
},
{
"name": "23925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2720",
"datePublished": "2007-05-16T19:00:00.000Z",
"dateReserved": "2007-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:49:57.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}