Vulnerabilities > Group Office
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2024-23941 | Cross-site Scripting vulnerability in Group-Office Group Office Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 5.4 |
2024-01-18 | CVE-2024-22418 | Cross-site Scripting vulnerability in Group-Office Group Office Group-Office is an enterprise CRM and groupware tool. | 5.4 |
2023-11-07 | CVE-2023-46730 | Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office Group-Office is an enterprise CRM and groupware tool. | 8.8 |
2023-04-27 | CVE-2023-25292 | Cross-site Scripting vulnerability in Group-Office Group Office 6.6.145 Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | 6.1 |
2021-04-14 | CVE-2021-28060 | Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office 6.4.196 A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | 5.0 |
2021-04-14 | CVE-2020-35419 | Cross-site Scripting vulnerability in Group-Office Group Office 6.4.196 Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | 4.3 |
2021-04-14 | CVE-2020-35418 | Cross-site Scripting vulnerability in Group-Office Group Office 6.4.196 Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | 3.5 |
2014-09-11 | CVE-2012-4240 | SQL Injection vulnerability in Group-Office Groupoffice SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | 6.5 |
2007-05-16 | CVE-2007-2720 | Security Bypass vulnerability in Group-Office Groupware 2.16.12 Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. network group-office | 4.3 |