Intermesh Groupoffice vulnerabilities

19 known vulnerabilities affecting intermesh/groupoffice.

Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 12

Vulnerabilities

Columns: CVE ID | priority tier | severity | CVSS score | exploit flag (PoC) | affected or fixed versions | date. Descriptions are truncated as on the source page.

CVE-2026-25512 | P1 | HIGH | CVSS 8.8 | PoC | fixed in 6.8.150; fixed in 25.0.82; +1 more | 2026-02-04
CWE-78 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shel

CVE-2026-34838 | P2 | CRITICAL | CVSS 9.9 | fixed in 6.8.156; fixed in 25.0.90; +1 more | 2026-04-02
CWE-502 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker

CVE-2026-27947 | P2 | HIGH | CVSS 8.8 | v>= 26.0.0, < 26.0.9; v>= 25.0.0, < 25.0.87; +1 more | 2026-02-27
CWE-88 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`).

CVE-2026-25134 | P2 | HIGH | CVSS 8.8 | fixed in 6.8.150; v>= 25.0.0, < 25.0.82; +1 more | 2026-02-02
CWE-88 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec(). This can be combined with uploading a crafted zip file to achieve remote code execution.

CVE-2026-33755 | P3 | HIGH | CVSS 8.8 | fixed in 6.8.158; fixed in 25.0.92; +1 more | 2026-03-27
CWE-89 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user with basic addressbook access to extract arbitrary data from the database, including active session tokens of

CVE-2023-46730 | P3 | HIGH | CVSS 8.8 | v>= 6.3.0, < 6.6.177; v>= 6.7.0, < 6.7.54; +1 more | 2023-11-07
CWE-918 (source: nvd)
Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs, which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// c

CVE-2026-27832 | P3 | HIGH | CVSS 8.8 | fixed in 6.8.153; v>= 25.0.0, < 25.0.87; +1 more | 2026-02-27
CWE-89 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on an authenticated endpoint. The endpoint `index.php?r=email/template/emailSelection` processes `advanced

CVE-2026-45551 | P4 | MEDIUM | CVSS 5.1 | v>= 26.0.1, < 26.0.25; v>= 25.0.1, < 25.0.1005; +1 more | 2026-05-29
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user_id via index.php?r=core/saveSetting. A separate client-side sink in the email module injects the email_font_size setting directly into Java

CVE-2026-25511 | P4 | MEDIUM | CVSS 4.9 | fixed in 6.8.150; fixed in 25.0.82; +1 more | 2026-02-04
CWE-918 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built-in

CVE-2026-30238 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.8.155; fixed in 25.0.88; +1 more | 2026-03-06
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter (Base64 JSON) is decoded and then injected into an inline JavaScript block without strict escaping, allowing ... injection

CVE-2024-22418 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.8.29 | 2024-01-18
CWE-79 (source: nvd)
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as “>.jpg” triggers the vulnerability. When this file

CVE-2026-23887 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.8.149; v>= 25.0.1, < 25.0.80 | 2026-01-22
CWE-20 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially crafted file names within the Group-Office application

CVE-2025-48366 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.8.119; fixed in 25.0.20 | 2025-05-22
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persistent JavaScript payloads, which are triggered in the conte

CVE-2026-30237 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.8.155; fixed in 25.0.88; +1 more | 2026-03-06
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a , allowing a ... breakout. This issue has been patched in v

CVE-2025-48369 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.8.119; fixed in 25.0.20 | 2025-05-22
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading a file with a crafted filename. When administrators or oth

CVE-2025-48993 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.8.123; fixed in 25.0.27 | 2025-06-17
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a

CVE-2025-25191 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.8.100 | 2025-03-06
CWE-79 (source: nvd)
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.

CVE-2025-48368 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.8.119; fixed in 25.0.20 | 2025-05-22
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim's browser. This can lead to session hijacking, deface

CVE-2025-48992 | P4 | MEDIUM | CVSS 4.8 | fixed in 6.8.123; fixed in 25.0.27 | 2025-06-16
CWE-79 (source: nvd)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to