XSS in Intermesh Groupoffice

CVE-2026-45551

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user_id via index.php?r=core/sa…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (15.3th percentile) — read the EPSS interpretation.