XSS in Intermesh Groupoffice

CVE-2026-30237

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (4.3th percentile) — read the EPSS interpretation.