Security Advisory

CVE-2026-30237

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 21:13:33

Last updated 2026-03-09 20:54:28

Assigner GitHub_M

State PUBLISHED

Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a <textarea>, allowing a </textarea><script>...</script> breakout.. This issue has been patched in versions 6.8.155, 25.0.88, and 26.0.10.

← Browse all CVEs View on cve.org ↗