CVE-2024-23941

Published: Feb 1, 2024Modified: Jun 4, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

Affected (3)

Products: Group Office: Group Office

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Group Office Group Office	Before 6.6.182
Group Office Group Office	From 6.7.0 to 6.7.64
Group Office Group Office	From 6.8.0 to 6.8.31

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://github.com/Intermesh/groupoffice/

Source: vultures@jpcert.or.jp

Product

https://jvn.jp/en/jp/JVN63567545/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.group-office.com/

Source: vultures@jpcert.or.jp

Product

https://github.com/Intermesh/groupoffice/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://jvn.jp/en/jp/JVN63567545/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.group-office.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.