Known Vulnerabilities for products from Group-office

Listed below are 8 of the newest known vulnerabilities associated with the vendor "Group-office".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-34838 json		Not Provided	2026-04-02	2026-04-03
CVE-2026-33755 json		Not Provided	2026-03-27	2026-03-27
CVE-2024-22418 json		5.4 - MEDIUM	2024-01-18	2024-01-25
CVE-2023-46730 json	Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) v...	8.8 - HIGH	2023-11-07	2023-11-14
CVE-2023-25292 json	Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privile...	6.1 - MEDIUM	2023-04-27	2023-05-05
CVE-2021-28060 json	A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to ...	5.3 - MEDIUM	2021-04-14	2021-04-19
CVE-2020-35419 json	Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.	6.1 - MEDIUM	2021-04-14	2021-04-19
CVE-2020-35418 json	Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.	5.4 - MEDIUM	2021-04-14	2021-04-19
CVE-2012-4240 json	SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated ...	6.5 - MEDIUM	2014-09-11	2017-08-29
CVE-2007-2720 json	Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive informatio...	Not Provided	2007-05-16	2026-04-23