Описание
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.
Уязвимые конфигурации
Конфигурация 1Версия до 6.8.123 (исключая)Версия от 25.0.1 (включая) до 25.0.27 (исключая)
Одно из
cpe:2.3:a:intermesh:group-office:*:*:*:*:*:*:*:*
cpe:2.3:a:intermesh:group-office:*:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00024
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 6%
0.00024
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79