CVE-2024-23941

Summary

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

Affected Software

VendorProductVersion RangeStatus
Intermesh BVGroup Officeprior to v6.6.182affected
Intermesh BVGroup Officeprior to v6.7.64affected
Intermesh BVGroup Officeprior to v6.8.31affected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References