CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-48992

Published : June 16, 2025, 11:15 p.m. | 1 hour, 34 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6145 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-43200 – Apple WatchOS/IOS/MacOS/iPadOS/VisionOS Photo/Video Processing Logic Vulnerability

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

Don’t miss out on the best ROG Ally accessory deals going on now — Improve your gaming handheld PC with a microSD card, power bank, dock, and more

Regolith – A JavaScript library immune to ReDoS attacks

Regolith – A JavaScript library immune to ReDoS attacks

Create Your Own Redux: Build a Custom State Management in React

Perficient Nagpur Celebrates Contentstack Implementation Certification Success!

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

May Update adds GeForce Now to Xbox app, new Game Bar features & more

Scaling up learning across many different robot types

Basic Networking Part 2 — What Is Data Packets?

Why MongoDB is the Perfect Fit for a Unified Namespace

SeedLM: Compressing LLM Weights into Seeds of Pseudo-Random Generators

CVE-2025-47646 – Gilblas Ngunte Possi PSW Front-end Login & Registration Weak Password Recovery Mechanism

Microsoft AI boss confirms development of “off-frontier” AI models, but they’ll be 3 or 6 months behind OpenAI: “Our strategy is to really play a very tight second”

CVE-2024-56731 – Gogs Remote Command Execution Vulnerability

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

Related Posts