216.73.216.170

CVE-2025-48993

· Published 17/06/2025 01:15 · Modified 17/06/2025 20:50

Labels: CVE-2025-48993 2025-06-17CVE-2025-48993CWE-79[email protected]

Essential information

Published
17/06/2025 01:15
Modified
17/06/2025 20:50
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
group-office / group-office cpe:2.3:a:group-office:group-office:<6.8.123:*:*:*:*:*:*:*
group-office / group-office cpe:2.3:a:group-office:group-office:<25.0.27:*:*:*:*:*:*:*

References