{"id":"CVE-2020-35419","details":"Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.","modified":"2026-04-10T04:26:26.222275Z","published":"2021-04-14T17:15:14.003Z","references":[{"type":"REPORT","url":"https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/intermesh/groupoffice","events":[{"introduced":"0"},{"last_affected":"a4330b266505a1499337433921e936887640ce44"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.4.196"}]}}],"versions":["v6.3.1","v6.3.10","v6.3.11","v6.3.12","v6.3.14","v6.3.3","v6.3.4","v6.3.5","v6.3.6","v6.3.7","v6.3.8","v6.4.156","v6.4.158","v6.4.159","v6.4.160","v6.4.161","v6.4.162","v6.4.165","v6.4.172","v6.4.173","v6.4.174","v6.4.175","v6.4.176","v6.4.177","v6.4.178","v6.4.179","v6.4.180","v6.4.181","v6.4.182","v6.4.183","v6.4.184","v6.4.185","v6.4.186","v6.4.187","v6.4.194","v6.4.195","v6.4.196","v6.4.23","v6.4.25","v6.4.26","v6.4.27","v6.4.28","v6.4.29","v6.4.30","v6.4.31","v6.4.32","v6.4.33","v6.4.34","v6.4.35","v6.4.36","v6.4.37","v6.4.38","v6.4.39","v6.4.40","v6.4.41","v6.4.42","v6.4.43","v6.4.44","v6.4.49","v6.4.50","v6.4.51"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35419.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}