CVE-2025-25191
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Intermesh | groupoffice | < 6.8.100 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf
- https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.