CNNVD-202601-3450 Information
CNNVD ID
CNNVD-202601-3450
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 6.8.148及之前版本和25.0.1版本至25.0.79版本存在跨站脚本漏洞,该漏洞源于应用程序在数据库中存储未清理的文件名,可能导致存储型跨站脚本攻击。
Description (English)
Group Office is a modular office package for the Dutch company Group Office. Group Office 6.8.148 and earlier versions 25.0.1 to 25.0.79 contain a cross-site script loophole, which stems from the fact that the application stores uncleaned file names in the database and may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Group Office
Published
2026-01-22
Last Modified
2026-02-24
References
https://github.com/Intermesh/groupoffice/commit/3fa40d7edd31fbe33babe07061d5a14ad19ea40f https://github.com/Intermesh/groupoffice/security/advisories/GHSA-3gj5-gvvr-g6hp https://github.com/Intermesh/groupoffice/commit/ac91b128157bc9c5ea015b6141ce71cd3bbc43f0 https://access.redhat.com/security/cve/cve-2026-23887
Patch
https://github.com/Intermesh/groupoffice/releases
Share on: