CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

May 22, 2025

CVE ID : CVE-2025-48368

Published : May 22, 2025, 6:15 p.m. | 36 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim’s browser. This can lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability can be triggered by injecting a crafted payload into a parameter that is later processed unsafely in the DOM. Versions 6.8.119 and 25.0.20 contain a fix for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48066 – Wire Webapp Local Data Deletion Failure

Next Article CVE-2025-30173 – Aspect Server-Side Request Forgery (SSRF) Vulnerability

15 Proven Benefits of Outsourcing Node.js Development for Large Organizations

10 Reasons to Choose Full-Stack Techies for Your Next React.js Development Project

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

It doesn’t matter how many laptops I review or how great the deals are — this is the one I keep coming back to over and over again

Leading Experts in Meme Coin Development – Beleaf Technologies

Leading Experts in Meme Coin Development – Beleaf Technologies

Redefining Quality Engineering – Tricentis India Partner Event

Enhancing JSON Responses with Laravel Model Appends

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

CVE-2025-5422 – “Juzaweb CMS Remote Unauthenticated Access Control Bypass”

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

CVE-2025-4094 – “Acunetix DIGITS WordPress OTP Brute Force Vulnerability”

Inclusivity with Voice & Language [SUBSCRIBER]

AlphaProteo generates novel proteins for biology and health research

CVE-2025-30169 – Aspect File Upload and Execute PHP Script Injection Vulnerability

CVE-2024-13089 – Nozomi Networks Guardian and CMC OS Command Injection Vulnerability

Gild Just One Lily

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

Related Posts