GHSA-r3gq-2jpg-6v2w

Published: 12 Dec 2025
Source: github
GitHub: Not reviewed
CVSS4: 6.9
CVSS3: 5.3

Description

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2 do not validate origins in WebSockets. If a user accesses a crafted page, chat information sent to the user may be exposed.

EPSS

Percentile: 5%
0.00021
Low

6.9 Medium

CVSS4

5.3 Medium

CVSS3

Weaknesses

CWE-1385

Related vulnerabilities

CVSS3: 5.3
nvd
about 2 months ago

GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2 do not validate origins in WebSockets. If a user accesses a crafted page, chat information sent to the user may be exposed.
