Group-office Group_office

15 CVEs affecting Group-office Group_office. Latest disclosed: 2026-02-04. Critical: 0, High: 4.

Top CVEs affecting Group-office Group_office
CVESeverityScorePublishedSummary
CVE-2026-25512High8.82026-02-04Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execu…
CVE-2026-25134High8.82026-02-02Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an…
CVE-2025-63406High8.82025-11-13An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in…
CVE-2023-46730High7.42023-11-07Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.ph…
CVE-2024-22418Medium6.52024-01-18Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group O…
CVE-2023-25292Medium6.12023-04-27Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information…
CVE-2020-35419Medium6.12021-04-14Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2026-23887Medium5.42026-01-22Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application s…
CVE-2025-53504Medium5.42025-08-21Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exp…
CVE-2025-25191Medium5.42025-03-06Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before…
CVE-2024-23941Medium5.42024-02-01Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated atta…
CVE-2020-35418Medium5.42021-04-14Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
CVE-2025-53505Medium5.32025-08-21Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited…
CVE-2021-28060Medium5.32021-04-14A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url paramet…
CVE-2026-25511Medium4.92026-02-04Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within…