Vulnerabilities > Group Office

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-01	CVE-2024-23941	Cross-site Scripting vulnerability in Group-Office Group Office Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. network low complexity group-office CWE-79	5.4
2024-01-18	CVE-2024-22418	Cross-site Scripting vulnerability in Group-Office Group Office Group-Office is an enterprise CRM and groupware tool. network low complexity group-office CWE-79	5.4
2023-11-07	CVE-2023-46730	Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office Group-Office is an enterprise CRM and groupware tool. network low complexity group-office CWE-918	8.8
2023-04-27	CVE-2023-25292	Cross-site Scripting vulnerability in Group-Office Group Office 6.6.145 Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. network low complexity group-office CWE-79	6.1
2021-04-14	CVE-2021-28060	Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office 6.4.196 A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. network low complexity group-office CWE-918	5.0
2021-04-14	CVE-2020-35419	Cross-site Scripting vulnerability in Group-Office Group Office 6.4.196 Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. network group-office CWE-79	4.3
2021-04-14	CVE-2020-35418	Cross-site Scripting vulnerability in Group-Office Group Office 6.4.196 Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. network group-office CWE-79	3.5
2014-09-11	CVE-2012-4240	SQL Injection vulnerability in Group-Office Groupoffice SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. network low complexity group-office CWE-89	6.5
2007-05-16	CVE-2007-2720	Security Bypass vulnerability in Group-Office Groupware 2.16.12 Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. network group-office	4.3

Vulnerabilities > Group Office {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Group Office"}]}

Vulnerabilities > Group Office