Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Group-Office vulnerable to blind XSS
Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
groupoffice 安全漏洞
Vulnerability Description
groupoffice是Intermesh开源的一个集团办公室群件和CRM。 groupoffice 6.8.123和25.0.27之前版本存在安全漏洞,该漏洞源于存储型和盲型跨站脚本,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A