PT-2025-22528 · Unknown · Group-Office
Kh0Kamoni
·
Published
2025-05-22
·
Updated
2025-05-30
·
CVE-2025-48368
CVSS v4.0
6.5
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Group-Office versions prior to 6.8.119
Group-Office versions prior to 25.0.20
Description
A DOM-based Cross-Site Scripting (XSS) issue exists in the Group-Office application, allowing attackers to execute arbitrary JavaScript code in the context of the victim's browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability can be triggered by injecting a crafted payload into a parameter that is later processed unsafely in the DOM.
Recommendations
For versions prior to 6.8.119, update to version 6.8.119 or later to resolve the issue.
For versions prior to 25.0.20, update to version 25.0.20 or later to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Group-Office