Detections
Analytics

CVE-2025-25191

medium

Description

Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.

References

https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf

https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda

Details

Source: Mitre, NVD

Published: 2025-03-06

Updated: 2025-03-06

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Medium