CVE-2026-45551 | Intermesh groupoffice up to 6.8.164/25.0.1004/26.0.24 Email saveSetting email_font_size cross site scripting
ID: 48d727d4-9ba9-52b7-b35a-a0e8354f0d6f
STIX ID: report--48d727d4-9ba9-52b7-b35a-a0e8354f0d6f
Feed Name: VulDB Recent Entries
Threat Score
GroupOffice contains a stored XSS vulnerability (CVE-2026-45551) in the Email Module's index.php?r=core/saveSetting that lets an authenticated low-privileged user persist an email_font_size value containing JavaScript which is injected into an administrator's browser; the advisory documents technical details, confirms remote exploitation requiring victim interaction, reports no public exploit, and recommends upgrading to versions 6.8.165, 25.0.1005, or 26.0.25 to remediate.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.