GroupSession External Page Display Restriction Vulnerability Leading to Unintended Redirection

Vulnerability

A vulnerability exists in GroupSession Free edition, GroupSession byCloud, and GroupSession ZION, all prior to version 5.7.1. The issue arises because the default setting for 'External page display restriction' allows unrestricted access. As a result, users may be redirected to arbitrary websites when they click on specially crafted URLs.

Impact

Exploitation of this vulnerability can redirect users to arbitrary websites, potentially exposing them to phishing or other malicious outcomes.

Remediation

Users are advised to update GroupSession to the latest version. Instructions for downloading the latest version of the free edition are available on the GroupSession website. Note that byCloud has already been updated.

Added: Dec 12, 2025, 5:46 AM
Updated: Dec 12, 2025, 5:46 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.8
exploitability: 6.0
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.