Vulnerabilities > Group Office
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2024-23941 | Cross-site Scripting vulnerability in Group-Office Group Office Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 5.4 |
| 2024-01-18 | CVE-2024-22418 | Unspecified vulnerability in Group-Office Group Office Group-Office is an enterprise CRM and groupware tool. | 5.4 |
| 2023-11-07 | CVE-2023-46730 | Unspecified vulnerability in Group-Office Group Office Group-Office is an enterprise CRM and groupware tool. | 8.8 |
| 2023-04-27 | CVE-2023-25292 | Cross-site Scripting vulnerability in Group-Office Group Office 6.6.145 Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | 6.1 |
| 2021-04-14 | CVE-2021-28060 | Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office 6.4.196 A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | 5.3 |
| 2021-04-14 | CVE-2020-35419 | Cross-site Scripting vulnerability in Group-Office Group Office 6.4.196 Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | 6.1 |
| 2021-04-14 | CVE-2020-35418 | Cross-site Scripting vulnerability in Group-Office Group Office 6.4.196 Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | 5.4 |