Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

groupoffice — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in groupoffice, with AI-generated Chinese analysis, references, and POCs.

Vendor: Intermesh

CVE IDTitleCVSSSeverityPublished
CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` CWE-502 10.0 Critical2026-04-02
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter CWE-89 8.8 High2026-03-27
CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context CWE-79 6.1 -2026-03-06
CVE-2026-30237 Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php) CWE-79 6.1 -2026-03-06
CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE) CWE-88 8.0 -2026-02-27
CVE-2026-27832 Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator CWE-89 8.8 -2026-02-27
CVE-2026-25511 Group-Office is vulnerable to SSRF and File Read in WOPI service discovery CWE-918 6.8AIMediumAI2026-02-04
CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler CWE-78 8.8AIHighAI2026-02-04
CVE-2026-25134 Group-Office Argument Injection in MaintenanceController::actionZipLanguage CWE-88 7.2AIHighAI2026-02-02
CVE-2026-23887 Group-Office has stored XSS vulnerability via unsanitized filenames CWE-79 5.4AIMediumAI2026-01-21
CVE-2025-48993 Group-Office vulnerable to reflected XSS via Look and Feel Formatting input CWE-79 6.1AIMediumAI2025-06-17
CVE-2025-48992 Group-Office vulnerable to blind XSS CWE-79 5.4AIMediumAI2025-06-16
CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section CWE-79 5.4AIMediumAI2025-05-22
CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution CWE-79 6.1AIMediumAI2025-05-22
CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions CWE-79 5.4AIMediumAI2025-05-22
CVE-2025-25191 Group-Office has a Stored XSS Vulnerability via user's name field CWE-79 5.4 -2025-03-06
CVE-2024-22418 Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice CWE-79 6.5 Medium2024-01-18
CVE-2023-46730 Server-Side Request Forgery in groupoffice CWE-918 7.4 High2023-11-07

All 18 known CVE vulnerabilities affecting groupoffice with full Chinese analysis, references, and POCs where available.