CVE-2024-22418
- Source
- https://cve.org/CVERecord?id=CVE-2024-22418
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22418.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-22418
- Aliases
-
- GHSA-p7w9-h6c3-wqpp
- Published
- 2024-01-18T20:44:57.229Z
- Modified
- 2026-04-10T05:09:11.471894Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice
- Details
-
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as “><img src=x onerror=prompt('XSS')>.jpg” triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22418.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22418.json
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp
- https://nvd.nist.gov/vuln/detail/CVE-2024-22418
- https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09
Affected packages
Git / github.com/intermesh/groupoffice
Affected ranges
- Type
- GIT
- Repo
- https://github.com/intermesh/groupoffice
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v6.*
v6.3.1
v6.3.10
v6.3.11
v6.3.12
v6.3.14
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.4.23
v6.4.25
v6.4.26
v6.4.27
v6.4.28
v6.4.29
v6.4.30
v6.4.31
v6.4.32
v6.4.33
v6.4.34
v6.4.35
v6.4.36
v6.4.37
v6.4.38
v6.4.39
v6.4.40
v6.4.41
v6.4.42
v6.4.43
v6.4.44
v6.4.49
v6.4.50
v6.4.51
v6.5.30
v6.5.31
v6.5.32
v6.5.33
v6.5.34
v6.5.35
v6.5.36
v6.5.37
v6.5.38
v6.5.39
v6.5.41
v6.5.42
v6.5.43
v6.5.44
v6.5.45
v6.5.46
v6.5.47
v6.5.48
v6.5.49
v6.5.50
v6.5.51
v6.5.52
v6.5.53
v6.5.54
v6.5.55
v6.5.56
v6.5.57
v6.5.58
v6.5.59
v6.5.60
v6.5.61
v6.5.62
v6.5.63
v6.5.64
v6.5.65
v6.5.66
v6.5.67
v6.5.68
v6.5.69
v6.5.70
v6.5.71
v6.5.72
v6.5.73
v6.5.74
v6.5.75
v6.5.76
v6.5.77
v6.5.78
v6.5.79
v6.5.80
v6.5.81
v6.5.82
v6.5.84
v6.5.85
v6.5.86
v6.5.88
v6.5.89
v6.5.90
v6.5.91
v6.5.92
v6.5.93
v6.5.95
v6.5.96
v6.6.100
v6.6.102
v6.6.103
v6.6.104
v6.6.105
v6.6.106
v6.6.107
v6.6.110
v6.6.117
v6.6.118
v6.6.119
v6.6.124
v6.6.125
v6.6.126
v6.6.127
v6.6.128
v6.6.129
v6.6.130
v6.6.131
v6.6.132
v6.6.133
v6.6.134
v6.6.135
v6.6.136
v6.6.137
v6.6.138
v6.6.139
v6.6.140
v6.6.141
v6.6.143
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.70
v6.6.71
v6.6.72
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7.10
v6.7.11
v6.7.12
v6.7.13
v6.7.14
v6.7.15
v6.7.17
v6.7.19
v6.7.20
v6.7.22
v6.7.24
v6.7.25
v6.7.26
v6.7.27
v6.7.28
v6.7.29
v6.7.30
v6.7.31
v6.7.32
v6.7.33
v6.7.35
v6.7.36
v6.7.37
v6.7.38
v6.7.39
v6.7.40
v6.7.41
v6.7.42
v6.7.43
v6.7.44
v6.7.8
v6.7.9
v6.8.10
v6.8.11
v6.8.12
v6.8.14
v6.8.15
v6.8.16
v6.8.17
v6.8.18
v6.8.19
v6.8.21
v6.8.23
v6.8.24
v6.8.25
v6.8.26
v6.8.28
v6.8.6
v6.8.7
v6.8.9