Group-office Group_office
15 CVEs affecting Group-office Group_office. Latest disclosed: 2026-02-04. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-25512 | High | 8.8 | 2026-02-04 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execu… |
| CVE-2026-25134 | High | 8.8 | 2026-02-02 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an… |
| CVE-2025-63406 | High | 8.8 | 2025-11-13 | An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in… |
| CVE-2023-46730 | High | 7.4 | 2023-11-07 | Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.ph… |
| CVE-2024-22418 | Medium | 6.5 | 2024-01-18 | Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group O… |
| CVE-2023-25292 | Medium | 6.1 | 2023-04-27 | Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information… |
| CVE-2020-35419 | Medium | 6.1 | 2021-04-14 | Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. |
| CVE-2026-23887 | Medium | 5.4 | 2026-01-22 | Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application s… |
| CVE-2025-53504 | Medium | 5.4 | 2025-08-21 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exp… |
| CVE-2025-25191 | Medium | 5.4 | 2025-03-06 | Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before… |
| CVE-2024-23941 | Medium | 5.4 | 2024-02-01 | Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated atta… |
| CVE-2020-35418 | Medium | 5.4 | 2021-04-14 | Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. |
| CVE-2025-53505 | Medium | 5.3 | 2025-08-21 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited… |
| CVE-2021-28060 | Medium | 5.3 | 2021-04-14 | A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url paramet… |
| CVE-2026-25511 | Medium | 4.9 | 2026-02-04 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within… |