MEDIUM🇬🇧 English

CVE-2025-61950

CVSS 5.3v4.0pub. 2025-12-12upd. 2026-02-17

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Groupsession

    APP
    Groupsession
    < 5.3.0< 5.3.2< 5.3.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-20874HIGH7.5ten sam produkt

Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and ...

CVE-2025-53523MEDIUM4.8ten sam produkt

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession...

CVE-2025-57883MEDIUM5.1ten sam produkt

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSessi...

CVE-2025-54407MEDIUM5.1ten sam produkt

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession ...

CVE-2025-58576MEDIUM5.1ten sam produkt

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession b...