{"id":"CVE-2023-25241","details":"bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.","modified":"2026-04-10T05:08:37.557972Z","published":"2023-02-13T21:15:15.447Z","references":[{"type":"ADVISORY","url":"https://portswigger.net/kb/issues/00500b01_cookie-manipulation-reflected-dom-based"},{"type":"EVIDENCE","url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bgERP/2023/bgERP-v22.31-Cookie-Session-vulnerability%2BXSS-Reflected"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bgerp/bgerp","events":[{"introduced":"0"},{"last_affected":"b488d80a3f1615f9f7764c886da58f0efcbf1125"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"22.31"}]}}],"versions":["v18.25-dev","v20.49-dev","v22.31-dev"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25241.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}