CVE-2025-48993 – Group-Office Reflected Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-48993

Published : June 17, 2025, 1:15 a.m. | 25 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6147 – TOTOLINK A702R HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

The 5 gadgets that got me through marathons and obstacle races (and why they work)

This beastly 500W charger replaced every other charger I had – with six ports to boot

Mac Mini won’t power on? Apple will fix it for you – for free

Why I’m switching to VS Code. Hint: It’s all about AI tool integration

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

Building Construction suppliers in India

Neutralinojs v6.1 released

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Windows 11 test builds are accidentally playing the Windows Vista startup sound

Leaked: ROG Xbox Ally and Xbox Ally X pre-orders set for August, launch in October

CVE-2025-48993 – Group-Office Reflected Cross-Site Scripting Vulnerability

Keyless Entry Vulnerability (CVE-2025-6029) Threatens KIA Vehicles in Ecuador, Researcher Reports

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

The biggest miss in gaming handhelds just got hit with a major sale, so is it worth buying now?

CVE-2025-39367 – SeventhQueen Kleo Missing Authorization Vulnerability

CVE-2025-41399 – F5 BIG-IP SCTP Profile Memory Exhaustion Vulnerability

How to Create Telemetry Dashboards for Adobe Express Add-ons

Integrating Figma with Cursor IDE Using an MCP Server to Build a Web Login Page

Microsoft says Edge 134 is the fastest version of the browser ever

CLIP-UP: A Simple and Efficient Mixture-of-Experts CLIP Training Recipe with Sparse Upcycling

CVE-2025-4122 – Netgear JWNR2000 Command Injection Vulnerability

CVE-2025-48993 – Group-Office Reflected Cross-Site Scripting Vulnerability

Related Posts