XSS in Intermesh Groupoffice

CVE-2026-30238

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter (Base64 J…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (4.5th percentile) — read the EPSS interpretation.