CVE-2025-25191
MEDIUMGroup-Office - Stored Cross-Site Scripting in Name Field
Title source: llmDescription
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf
Scores
CVSS v3
5.4
EPSS
0.0026
EPSS Percentile
16.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
group-office/group_office
6.8.99
Published
Mar 06, 2025
Tracked Since
Feb 18, 2026