Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

INFO

Published Date :

2025-06-17T00:43:35.194Z

Last Modified :

2025-06-17T13:45:06.357Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48993 vulnerability.

Vendors Products
Intermesh
  • Group-office
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48993.

URL Resource
https://github.com/Intermesh/groupoffice/commit/1e2a2450f204174f87a93217838d74718996dcdd cve-icon cve-icon
https://github.com/Intermesh/groupoffice/commit/a9031884f6a6fbd0f08a8b7790514b5bc0937c11 cve-icon cve-icon
https://github.com/Intermesh/groupoffice/security/advisories/GHSA-xv2x-v374-92gv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact