Intermesh — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Intermesh. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Intermesh develops open-source collaboration platforms primarily used for organizational communication and workflow management. Historically, vulnerabilities have frequently included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and access control issues. The platform's complex architecture and extensive plugin ecosystem have contributed to security challenges, with 18 CVEs documented to date. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the software without rigorous hardening and timely patching.

Top products by Intermesh: groupoffice

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34838	Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` — groupofficeCWE-502	10.0	Critical	2026-04-02
CVE-2026-33755	Authenticated SQL Injection in Contact/query addressBookIds filter — groupofficeCWE-89	8.8	High	2026-03-27
CVE-2026-30238	Group-Office: Reflected XSS in JavaScript context — groupofficeCWE-79	6.1	-	2026-03-06
CVE-2026-30237	Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php) — groupofficeCWE-79	6.1	-	2026-03-06
CVE-2026-27947	Group-Office Vulnerable to Remote Code Execution (RCE) — groupofficeCWE-88	8.0	-	2026-02-27
CVE-2026-27832	Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator — groupofficeCWE-89	8.8	-	2026-02-27
CVE-2026-25511	Group-Office is vulnerable to SSRF and File Read in WOPI service discovery — groupofficeCWE-918	6.8^AI	Medium^AI	2026-02-04
CVE-2026-25512	Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler — groupofficeCWE-78	8.8^AI	High^AI	2026-02-04
CVE-2026-25134	Group-Office Argument Injection in MaintenanceController::actionZipLanguage — groupofficeCWE-88	7.2^AI	High^AI	2026-02-02
CVE-2026-23887	Group-Office has stored XSS vulnerability via unsanitized filenames — groupofficeCWE-79	5.4^AI	Medium^AI	2026-01-21
CVE-2025-48993	Group-Office vulnerable to reflected XSS via Look and Feel Formatting input — groupofficeCWE-79	6.1^AI	Medium^AI	2025-06-17
CVE-2025-48992	Group-Office vulnerable to blind XSS — groupofficeCWE-79	5.4^AI	Medium^AI	2025-06-16
CVE-2025-48369	GroupOffice vulnerable to Stored XSS in Tasks Comment Section — groupofficeCWE-79	5.4^AI	Medium^AI	2025-05-22
CVE-2025-48368	GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution — groupofficeCWE-79	6.1^AI	Medium^AI	2025-05-22
CVE-2025-48366	GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions — groupofficeCWE-79	5.4^AI	Medium^AI	2025-05-22
CVE-2025-25191	Group-Office has a Stored XSS Vulnerability via user's name field — groupofficeCWE-79	5.4	-	2025-03-06
CVE-2024-22418	Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice — groupofficeCWE-79	6.5	Medium	2024-01-18
CVE-2023-46730	Server-Side Request Forgery in groupoffice — groupofficeCWE-918	7.4	High	2023-11-07

This page lists every published CVE security advisory associated with Intermesh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Intermesh — Vulnerabilities & Security Advisories 18