CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-48992

Published : June 16, 2025, 11:15 p.m. | 1 hour, 34 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6145 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-43200 – Apple WatchOS/IOS/MacOS/iPadOS/VisionOS Photo/Video Processing Logic Vulnerability

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

Microsoft dubs latest Windows 11 release “most reliable version of Windows yet” — PCs that upgrade will see an improved experience compared to Windows 10

Build multi-agent systems with LangGraph and Amazon Bedrock

Erie Moon Mammoths Merch

CVE-2025-4378 – Ataturk University ATA-AOF Mobile Application Cleartext Transmission and Hard-coded Credentials Vulnerability

I found a smart air purifier that doubles as a pet bed (and my cat loves it)

Build an intelligent multi-agent business expert using Amazon Bedrock

Revised instructions for troubleshooting the warp confabulator

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

Related Posts