CVE-2025-48993 – Group-Office Reflected Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-48993

Published : June 17, 2025, 1:15 a.m. | 25 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6147 – TOTOLINK A702R HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-48993 – Group-Office Reflected Cross-Site Scripting Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Here’s how you can still trade in any phone at Verizon to get an iPhone, iPad, and Apple Watch free

CVE-2025-6883 – Code-Projects Staff Audit System SQL Injection

CVE-2025-48906 – DSoftBus Authentication Bypass Vulnerability

CVE-2025-7673 – Zyxel zhttpd Web Server Buffer Overflow Vulnerability

CVE-2025-7060 – Monitorr Remote File Inclusion Vulnerability

CVE-2025-7438 – MasterStudy LMS Pro WordPress Arbitrary File Upload Vulnerability

CVE-2024-12442 – EnerSys AMPA Command Injection Vulnerability

CVE-2025-48993 – Group-Office Reflected Cross-Site Scripting Vulnerability

Related Posts