Back to search
CVE-2025-48992
Published: Jun 16, 2025
Modified: Jun 17, 2025
PUBLISHED
Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.
| Vendor | Product | Versions |
|---|---|---|
Intermesh | groupoffice | affected < 6.8.123affected < 25.0.27 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now