Intermesh Groupoffice
19 CVEs affecting Intermesh Groupoffice. Latest disclosed: 2026-05-29. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-34838 | Critical | 10.0 | 2026-04-02 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the Abst… |
CVE-2026-33755 | High | 8.8 | 2026-03-27 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Inject… |
CVE-2023-46730 | High | 7.4 | 2023-11-07 | Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.ph… |
CVE-2024-22418 | Medium | 6.5 | 2024-01-18 | Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group O… |
CVE-2026-45551 | | 2026-05-29 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated us… | |
CVE-2026-30238 | | 2026-03-06 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vu… | |
CVE-2026-30237 | | 2026-03-06 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vu… | |
CVE-2026-27947 | | 2026-02-27 | Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote… | |
CVE-2026-27832 | | 2026-02-27 | Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) v… | |
CVE-2026-25511 | | 2026-02-04 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within… | |
CVE-2026-25512 | | 2026-02-04 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execu… | |
CVE-2026-25134 | | 2026-02-02 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an… | |
CVE-2026-23887 | | 2026-01-21 | Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application s… | |
CVE-2025-48993 | | 2025-06-17 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be… | |
CVE-2025-48992 | | 2025-06-16 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripti… | |
CVE-2025-48369 | | 2025-05-22 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XS… | |
CVE-2025-48368 | | 2025-05-22 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS… | |
CVE-2025-48366 | | 2025-05-22 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability… | |
CVE-2025-25191 | | 2025-03-06 | Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before… |