Vulnerabilidades en Intermesh
19 resultadosCVE-2026-25512CRITICALGroup-Office is vulnerable to RCE due to Command Injection via TNEF Attachment HandlerEPSS 18.5%CVE-2026-34838CRITICALGroup-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`EPSS 1.0%CVE-2026-25134CRITICALGroup-Office Argument Injection in MaintenanceController::actionZipLanguageEPSS 0.8%CVE-2026-27947CRITICALGroup-Office Vulnerable to Remote Code Execution (RCE)EPSS 0.7%CVE-2023-46730HIGHServer-Side Request Forgery in groupoffice EPSS 0.6%CVE-2024-22418MEDIUMStored Cross-site Scripting Vulnerability via Malicious File Names in GroupOfficeEPSS 0.4%CVE-2026-25511HIGHGroup-Office is vulnerable to SSRF and File Read in WOPI service discoveryEPSS 0.4%CVE-2026-33755HIGHAuthenticated SQL Injection in Contact/query addressBookIds filterEPSS 0.4%CVE-2026-30238MEDIUMGroup-Office: Reflected XSS in JavaScript contextEPSS 0.3%CVE-2025-25191MEDIUMGroup-Office has a Stored XSS Vulnerability via user's name fieldEPSS 0.3%CVE-2026-23887MEDIUMGroup-Office has stored XSS vulnerability via unsanitized filenamesEPSS 0.2%CVE-2026-27832HIGHGroup-Office Has Authenticated SQL Injection in advancedQueryData.comparatorEPSS 0.2%CVE-2026-30237LOWGroup-Office: Self XSS in GroupOffice Installer License Page (install/license.php)EPSS 0.2%CVE-2026-45551MEDIUMGroup-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting WriteEPSS 0.2%CVE-2025-48992MEDIUMGroup-Office vulnerable to blind XSSEPSS 0.2%CVE-2025-48366MEDIUMGroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized ActionsEPSS 0.2%CVE-2025-48368MEDIUMGroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript ExecutionEPSS 0.2%CVE-2025-48369MEDIUMGroupOffice vulnerable to Stored XSS in Tasks Comment SectionEPSS 0.2%CVE-2025-48993MEDIUMGroup-Office vulnerable to reflected XSS via Look and Feel Formatting inputEPSS 0.2%