GroupSession Cross-Site Scripting Vulnerability

MEDIUM (6.1) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

GroupSession is a free edition of a web-based HR management system. This vulnerability allows an attacker to execute arbitrary scripts in a user's web browser when the user accesses a crafted page or URL. If an attacker can trick a user into visiting a malicious page, they may be able to steal sensitive information or take control of the user's session.

Am I affected?

You're affected if you use GroupSession Free edition, in which a reflected cross-site scripting vulnerability exists. Specific version info is not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

DynamiApps / GroupSession Free

How to fix

To fix this vulnerability, upgrade to GroupSession Free edition ver5.7.1 or later. If an immediate upgrade isn't possible:

  • Restrict network access to your GroupSession instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation