Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession Free edition | affected |
|
||||||
| Japan Total System Co.,Ltd. | GroupSession byCloud | affected |
|
||||||
| Japan Total System Co.,Ltd. | GroupSession ZION | affected |
|
Configuration 1 [-]
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Groupsession | Groupsession | — | — |
| Groupsession | Groupsession Bycloud | — | — |
| Groupsession | Groupsession Zion | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 17 Feb 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:groupsession:groupsession:*:*:*:*:bycloud:*:*:* cpe:2.3:a:groupsession:groupsession:*:*:*:*:free:*:*:* cpe:2.3:a:groupsession:groupsession:*:*:*:*:zion:*:*:* |
Fri, 12 Dec 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 12 Dec 2025 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Groupsession
Groupsession groupsession Groupsession groupsession Bycloud Groupsession groupsession Zion |
|
| Vendors & Products |
Groupsession
Groupsession groupsession Groupsession groupsession Bycloud Groupsession groupsession Zion |
Fri, 12 Dec 2025 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user. | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: jpcert
Published:
Updated: 2025-12-12T18:41:39.394Z
Reserved: 2025-11-27T05:42:11.318Z
Link: CVE-2025-54407
Vulnrichment
Updated: 2025-12-12T18:41:33.919Z
NVD
Status : Analyzed
Published: 2025-12-12T05:16:07.000
Modified: 2026-02-17T15:44:49.300
Link: CVE-2025-54407
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-12-12T08:48:07Z