CVE-2025-53504
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-09-24
Assigner: JPCERT/CC
Description
Description
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| group-office | group_office | to 6.8.119 (exc) |
| group-office | group_office | From 25.0.1 (inc) to 25.0.20 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue in Group-Office versions prior to 6.8.119 and prior to 25.0.20. It allows an attacker to execute arbitrary scripts in the user's web browser if exploited.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow attackers to run arbitrary scripts in your web browser, potentially leading to unauthorized actions, data theft, or session hijacking within the affected application.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70