CVEs / Details

CVE-2025-48993

Reflected XSS in Look and feel section of the application

Medium Severity CVSS 6.1 Published: June 16, 2025

Description

Vulnerability Details

Any user can update their Look and Feel Formatting input fields. The web applications do not sanitize user input. That is why inputting JavaScript causes the reflected xss vulnerability.

CVSS Vector

cvss:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Impacted Systems

cpe:2.3:a:intermesh:group-office:*:*:*:*:*:*:*:*

Vulnerability Type

XSS

Timeline

Disclosure Timeline

May 22, 2025

Discovery

Vulnerability initially discovered

Jun 02, 2025

Responsible Disclosure

Vendor notified

Jun 16, 2025

Publication

CVE published and disclosed publicly

Resources

References

NVD - CVE-2025-48993 MITRE - CVE-2025-48993 GitHub Advisory https://github.com/Intermesh/groupoffic…

Exploitation

Proof of Concept

View PoC Download PoC

For educational purposes only

Credit

Acknowledgments

Via GitHub

Thanks To

Acknowledgments

Merijn Schering

Intermesh

Back to All CVEs