CVE-2024-23941
published 2024-02-01CVE-2024-23941: Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated…
PriorityP425medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.62%
45.1th percentile
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| group-office | group_office | < 6.6.182 | 6.6.182 |
| group-office | group_office | >= 6.7.0 < 6.7.64 | 6.7.64 |
| group-office | group_office | >= 6.8.0 < 6.8.31 | 6.8.31 |
| intermesh_bv | group_office | — | — |
| intermesh_bv | group_office | — | — |
| intermesh_bv | group_office | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-01
Published