Vulmon
group-office group office vulnerabilities and exploits
5.4
CVSSv3
CVE-2024-23941
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product.
Group-office Group Office
5.4
CVSSv3
CVE-2024-22418
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows a malicious user to execute arbitrary JavaScript code by embedding it within a file's name. For in...
Group-office Group Office
8.8
CVSSv3
CVE-2023-46730
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make r...
Group-office Group Office
6.1
CVSSv3
CVE-2023-25292
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows malicious users to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
Group-office Group Office 6.6.145
2 GitHub repositories
6.1
CVSSv3
CVE-2020-35419
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
Group-office Group Office 6.4.196
5.4
CVSSv3
CVE-2020-35418
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
Group-office Group Office 6.4.196
5.3
CVSSv3
CVE-2021-28060
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote malicious user to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
Group-office Group Office 6.4.196
NA
CVE-2012-4240
SQL injection vulnerability in modules/calendar/json.php in Group-Office community prior to 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
Group-office Groupoffice
1 EDB exploit
NA
CVE-2010-3428
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote malicious users to execute arbitrary SQL commands via the category_id parameter in a category action.
Intermesh Group-office 3.5.9
1 EDB exploit
NA
CVE-2007-2720
Group-Office prior to 2.16-13 does not properly validate user IDs, which allows remote malicious users to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party inform...
Group-office Group-office Groupware 2.16.12