QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-30237

Back to search

CVE-2026-30237

Published: Mar 6, 2026

Modified: Mar 9, 2026

PUBLISHED

Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a <textarea>, allowing a </textarea><script>...</script> breakout.. This issue has been patched in versions 6.8.155, 25.0.88, and 26.0.10.

VendorProductVersions

Intermesh

groupoffice

affected
< 6.8.155
affected
< 25.0.88
affected
< 26.0.10

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now