CVE-2025-53504

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.
References
Link Resource
https://jvn.jp/en/jp/JVN72111431/ Third Party Advisory
https://www.group-office.com/ Product
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*
cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*

History

24 Sep 2025, 00:14

Type Values Removed Values Added
First Time Group-office
Group-office group Office
CPE cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*
References () https://jvn.jp/en/jp/JVN72111431/ - () https://jvn.jp/en/jp/JVN72111431/ - Third Party Advisory
References () https://www.group-office.com/ - () https://www.group-office.com/ - Product

22 Aug 2025, 18:09

Type Values Removed Values Added
Summary
  • (es) Las versiones de Group-Office anteriores a la 6.8.119 y a la 25.0.20 proporcionadas por Intermesh BV contienen una vulnerabilidad de cross-site scripting. Si se explota esta vulnerabilidad, se podría ejecutar un script arbitrario en el navegador web del usuario.

21 Aug 2025, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-21 05:15

Updated : 2025-09-24 00:14


NVD link : CVE-2025-53504

Mitre link : CVE-2025-53504

CVE.ORG link : CVE-2025-53504


JSON object : View

Products Affected

group-office

  • group_office
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')