Every CVE whose affected-product data names Groupsession, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2021-20874 — CVSS 7.5 (high): Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud…
CVE-2021-20876 — CVSS 6.8 (medium): Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession…
CVE-2017-2165 — CVSS 6.5 (medium): GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information…
CVE-2025-57883 — CVSS 6.1 (medium): Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3…
CVE-2025-54407 — CVSS 6.1 (medium): Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3…
CVE-2021-20789 — CVSS 6.1 (medium): Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud…
CVE-2021-20875 — CVSS 6.1 (medium): Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession…
CVE-2017-2166 — CVSS 6.1 (medium): Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and…
CVE-2025-65120 — CVSS 6.1 (medium): Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1…
CVE-2025-66284 — CVSS 5.4 (medium): Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1…
CVE-2025-53523 — CVSS 5.4 (medium): Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3…
CVE-2025-62192 — CVSS 5.4 (medium): SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession…
CVE-2025-61987 — CVSS 5.3 (medium): GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not…
CVE-2021-20787 — CVSS 4.8 (medium): Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession…
CVE-2021-20785 — CVSS 4.8 (medium): Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession…
CVE-2025-64781 — CVSS 4.7 (medium): In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External…
CVE-2025-58576 — CVSS 4.3 (medium): Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and…
CVE-2021-20788 — CVSS 4.3 (medium): Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0…
CVE-2021-20786 — CVSS 4.3 (medium): Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0…
CVE-2025-61950 — CVSS 4.3 (medium): In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented…