Unknown · Group-Office · CVE-2026-45551
**Name of the Vulnerable Software and Affected Versions**
GroupOffice versions prior to 26.0.25
GroupOffice versions prior to 25.0.100
GroupOffice versions prior to 6.8.165
**Description**
GroupOffice allows authenticated users to persist arbitrary legacy settings for any `user id` through the 'index.php?r=core/saveSetting' endpoint. Separately, a client-side sink in the email module injects the `email font size` setting directly into JavaScript without escaping. A low-privileged authenticated user can combine these two issues by overwriting an administrator's `email font size` setting with a JavaScript payload. The result is stored Cross-Site Scripting (XSS), where the malicious script is saved on the server and runs in the administrator's browser each time the web client loads 'views/Extjs3/modulescripts.php'.
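The two defects in the description (a settings endpoint that accepts any user id, and a sink that interpolates a stored setting into a script block unescaped) are modelled below beside their hardened forms. This is an added example, not Group-Office code; the function and field names (`saveSettingUnsafe`, `saveSettingSafe`, `renderScriptSafe`, `session.isAdmin`, and so on) are hypothetical stand-ins for the real endpoint and template, and the value allow-list goes one step beyond the advisory by rejecting non-font-size values before they are stored at all.

```javascript
// Added example, not Group-Office code. Every function and field name here
// (saveSettingUnsafe, saveSettingSafe, renderScriptSafe, session.isAdmin, ...)
// is a hypothetical stand-in for the real endpoint and template.

// Allow-list of legacy settings a user may store, with a value check each.
// A font size only ever needs digits and a unit, so anything else is rejected
// before it reaches storage (first line of defence, upstream of the sink).
const SETTING_SCHEMA = {
  emailFontSize: (v) => typeof v === 'string' && /^\d{1,2}px$/.test(v),
};

// Defect 1 (modelled): the endpoint trusts the caller-supplied user id, so any
// authenticated caller can write any user's settings.
function saveSettingUnsafe(store, session, userId, name, value) {
  store.set(`${userId}:${name}`, value);
  return true;
}

// Fix: the target user must be the caller (or the caller an admin), the
// setting name must be known, and the value must pass its check.
function saveSettingSafe(store, session, userId, name, value) {
  if (userId !== session.userId && !session.isAdmin) {
    throw new Error("forbidden: cannot change another user's settings");
  }
  const check = SETTING_SCHEMA[name];
  if (!check) throw new Error(`unknown setting: ${name}`);
  if (!check(value)) throw new Error(`invalid value for ${name}`);
  store.set(`${userId}:${name}`, value);
  return true;
}

// Defect 2 (modelled): the stored value is interpolated straight into the
// generated script, so a quote in the value ends the string literal early.
function renderScriptUnsafe(fontSize) {
  return `var emailFontSize = "${fontSize}";`;
}

// Encode a value as a JavaScript string literal that is safe inside a <script>
// block: JSON.stringify escapes quotes, backslashes and control characters;
// the extra replacements keep "</script>" from closing the block early and
// neutralise the two line terminators JSON leaves untouched.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Fix at the sink: escape regardless of what validation upstream did.
function renderScriptSafe(fontSize) {
  return `var emailFontSize = ${jsStringLiteral(fontSize)};`;
}

// Evaluate a generated snippet the way the browser would and return the value
// the page actually sees, to show the safe rendering round-trips intact.
function loadSetting(snippet) {
  return new Function(`${snippet} return emailFontSize;`)();
}
```

The ownership check in `saveSettingSafe` closes the cross-user write; the allow-list makes the font size setting incapable of carrying script at all; and `jsStringLiteral` at the sink protects any other setting that later gets emitted the same way.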
**Recommendations**
Update to version 26.0.25.
Update to version 25.0.100.
Update to version 6.8.165.