RSS   Vulnerabilities for 'Group office'   RSS

2021-04-14
 
CVE-2021-28060

CWE-918
 

 
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.

 
 
CVE-2020-35419

CWE-79
 

 
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.

 
 
CVE-2020-35418

CWE-79
 

 
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.

 

 >>> Vendor: Group-office 3 Products
Group-office groupware
Groupoffice
Group office


Copyright 2024, cxsecurity.com

 

Back to Top