{"id":"CVE-2023-25292","details":"Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.","modified":"2026-04-10T04:56:00.231739Z","published":"2023-04-27T01:15:08.283Z","references":[{"type":"WEB","url":"http://intermesh.com"},{"type":"WEB","url":"http://group-office.com"},{"type":"EVIDENCE","url":"https://github.com/brainkok/CVE-2023-25292"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/intermesh/groupoffice","events":[{"introduced":"0"},{"last_affected":"5b6d24ba001e98d859016bf8d09ab5e2e5630dab"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.6.145"}]}}],"versions":["v6.3.1","v6.3.10","v6.3.11","v6.3.12","v6.3.14","v6.3.3","v6.3.4","v6.3.5","v6.3.6","v6.3.7","v6.3.8","v6.4.23","v6.4.25","v6.4.26","v6.4.27","v6.4.28","v6.4.29","v6.4.30","v6.4.31","v6.4.32","v6.4.33","v6.4.34","v6.4.35","v6.4.36","v6.4.37","v6.4.38","v6.4.39","v6.4.40","v6.4.41","v6.4.42","v6.4.43","v6.4.44","v6.4.49","v6.4.50","v6.4.51","v6.5.30","v6.5.31","v6.5.32","v6.5.33","v6.5.34","v6.5.35","v6.5.36","v6.5.37","v6.5.38","v6.5.39","v6.5.41","v6.5.42","v6.5.43","v6.5.44","v6.5.45","v6.5.46","v6.5.47","v6.5.48","v6.5.49","v6.5.50","v6.5.51","v6.5.52","v6.5.53","v6.5.54","v6.5.55","v6.5.56","v6.5.57","v6.5.58","v6.5.59","v6.5.60","v6.5.61","v6.5.62","v6.5.63","v6.5.64","v6.5.65","v6.5.66","v6.5.67","v6.5.68","v6.5.69","v6.5.70","v6.5.71","v6.5.72","v6.5.73","v6.5.74","v6.5.75","v6.5.76","v6.5.77","v6.5.78","v6.5.79","v6.5.80","v6.5.81","v6.5.82","v6.5.84","v6.5.85","v6.5.86","v6.5.88","v6.5.89","v6.5.90","v6.5.91","v6.5.92","v6.5.93","v6.5.95","v6.5.96","v6.6.100","v6.6.102","v6.6.103","v6.6.104","v6.6.105","v6.6.106","v6.6.107","v6.6.110","v6.6.117","v6.6.118","v6.6.119","v6.6.124","v6.6.125","v6.6.126","v6.6.127","v6.6.128","v6.6.129","v6.6.130","v6.6.131","v6.6.132","v6.6.133","v6.6.134","v6.6.135","v6.6.136","v6.6.137","v6.6.138","v6.6.139","v6.6.140","v6.6.141","v6.6.143","v6.6.144","v6.6.145","v6.6.27","v6.6.28","v6.6.29","v6.6.30","v6.6.31","v6.6.32","v6.6.33","v6.6.34","v6.6.35","v6.6.36","v6.6.37","v6.6.38","v6.6.39","v6.6.40","v6.6.41","v6.6.42","v6.6.43","v6.6.44","v6.6.45","v6.6.46","v6.6.47","v6.6.48","v6.6.49","v6.6.50","v6.6.51","v6.6.52","v6.6.53","v6.6.54","v6.6.55","v6.6.56","v6.6.57","v6.6.58","v6.6.59","v6.6.60","v6.6.61","v6.6.62","v6.6.63","v6.6.64","v6.6.65","v6.6.66","v6.6.67","v6.6.68","v6.6.69","v6.6.70","v6.6.71","v6.6.72","v6.6.81","v6.6.82","v6.6.83","v6.6.84","v6.6.85","v6.6.86","v6.6.87","v6.6.88","v6.6.89","v6.6.90","v6.6.91","v6.6.92","v6.6.93","v6.6.94","v6.6.95","v6.6.96","v6.6.97","v6.6.98","v6.6.99"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25292.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}