cvedb.io
CVE-2025-48993
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-06-17T01:15:22.360 · Last modified 2026-06-17T09:30:38.060

Summary

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

Affected products

intermesh — group-office

Does this affect you?

Add your gear to cvedb and we'll alert you only when intermesh ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.