exploitDog

CVE-2025-25191

Опубликовано: 06 мар. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.

Ссылки

https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda
Patch
https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:group-office:group_office:6.8.99:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00215

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 44%

0.00215

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79