Threats Tagged 'cve-2026-45551'
View all threats tagged with 'cve-2026-45551'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-45551'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-45551: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Intermesh groupofficeCVE-2026-45551 0 Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user_id via index.php?r=core/saveSetting. A separate client-side sink in the email module injects the email_font_size setting directly into JavaScript without escaping. By combining these two issues, any low-privileged authenticated user can overwrite an administrator's email_font_size setting with a JavaScript payload and trigger stored XSS in the administrator's browser when the GroupOffice web client loads views/Extjs3/modulescripts.php. This vulnerability is fixed in 26.0.25, 25.0.100, and 6.8.165. Join the discussion | CVE Database V5 | 05/29/2026, 12:34:22 UTC Added: 05/29/2026, 12:48:35 UTC |
Showing 1 to 1 of 1 result