Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when another user accesses it.
Add your gear to cvedb and we'll alert you only when groupsession ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.