CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

May 22, 2025

CVE ID : CVE-2025-48368

Published : May 22, 2025, 6:15 p.m. | 36 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim’s browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability can be triggered by injecting a crafted payload into a parameter that is later processed unsafely in the DOM. Versions 6.8.119 and 25.0.20 contain a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48066 – Wire Webapp Local Data Deletion Failure

Next Article CVE-2025-30173 – Aspect Server-Side Request Forgery (SSRF) Vulnerability

Highlights

CVE-2025-4448 – D-Link DIR-619L Remote Buffer Overflow Vulnerability

May 9, 2025

CVE ID : CVE-2025-4448

Published : May 9, 2025, 1:15 a.m. | 2 hours, 22 minutes ago

Description : A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

CVE-2025-5030 – Ackites KillWxapkg os Command Injection Vulnerability

How Does AI-Powered Risk Assessment Optimize Insurance Management

Microsoft Surface Laptop may rival MacBook with a Trackpad that doubles as a speaker

Scaling Fast, my talk on lessons from tech startups

CVE-2025-4448 – D-Link DIR-619L Remote Buffer Overflow Vulnerability

Improve Your Next Experiment by Learning Better Proxy Metrics From Past Experiments

Hiring Kit: Storage Engineer

Enhance your media search experience using Amazon Q Business and Amazon Transcribe

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

Related Posts