📦 Group Office

by Group Office

⚠️ Known Vulnerabilities

CVE-2026-25512

HIGH CVSS 8.8 Feb 4, 2026

This CVE describes a remote code execution vulnerability in Group-Office where an authenticated attacker can execute arbitrary system commands on the server by injecting shell metacharacters into the ...

CVE-2026-25134

HIGH CVSS 8.8 Feb 2, 2026

This vulnerability allows remote code execution in Group-Office by exploiting improper input validation in the MaintenanceController's zipLanguage action. Attackers can inject malicious commands throu...

CVE-2025-63406

HIGH CVSS 8.8 Nov 13, 2025

This vulnerability allows remote attackers to execute arbitrary code on GroupOffice installations via improper input validation in the dbToApi() function and eval() usage in FunctionField.php. It affe...

CVE-2026-25511

MEDIUM CVSS 4.9 Feb 4, 2026

This vulnerability allows authenticated users in the System Administrator group of Group-Office to perform Server-Side Request Forgery (SSRF) attacks via the WOPI service discovery URL. Attackers can ...

CVE-2026-23887

MEDIUM CVSS 5.4 Jan 22, 2026

Group-Office versions 6.8.148 and below, and 25.0.1 through 25.0.79 have a stored XSS vulnerability where unsanitized filenames are stored in the database. When users view these malicious filenames in...

CVE-2025-53505

MEDIUM CVSS 5.3 Aug 21, 2025

Group-Office versions before 6.8.119 and 25.0.20 contain a path traversal vulnerability that allows attackers to access files outside the intended directory. This affects all servers running vulnerabl...

CVE-2025-53504

MEDIUM CVSS 5.4 Aug 21, 2025

Group-Office versions before 6.8.119 and 25.0.20 contain a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary scripts in users' web browsers. This affects all users of...

CVE-2025-25191

MEDIUM CVSS 5.4 Mar 6, 2025

This stored cross-site scripting (XSS) vulnerability in Group-Office allows attackers to inject malicious scripts into the Name field, which are then executed when other users view the affected conten...