PT-2025-50880 · Unknown · Groupsession
Published
2025-12-12
·
Updated
2025-12-12
·
CVE-2025-66284
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GroupSession versions prior to 5.7.1
Description
Stored cross-site scripting vulnerabilities exist. A logged-in user can create a malicious page or URL, potentially leading to the execution of arbitrary scripts in another user's web browser upon access.
Recommendations
Update GroupSession to version 5.7.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Groupsession