cbcvebase.
CVE-2024-23941
published 2024-02-01

CVE-2024-23941: Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated…

PriorityP425medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.62%
45.1th percentile
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

Affected

6 ranges
VendorProductVersion rangeFixed in
group-officegroup_office< 6.6.1826.6.182
group-officegroup_office>= 6.7.0 < 6.7.646.7.64
group-officegroup_office>= 6.8.0 < 6.8.316.8.31
intermesh_bvgroup_office
intermesh_bvgroup_office
intermesh_bvgroup_office
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.