Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
References
Link | Resource |
---|---|
http://group-office.com | Product |
http://intermesh.com | Broken Link Not Applicable |
https://github.com/brainkok/CVE-2023-25292 | Exploit Third Party Advisory |
Configurations
History
05 May 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
First Time |
Group-office group Office
Group-office |
|
References | (MISC) http://group-office.com - Product | |
References | (MISC) https://github.com/brainkok/CVE-2023-25292 - Exploit, Third Party Advisory | |
References | (MISC) http://intermesh.com - Broken Link, Not Applicable | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:group-office:group_office:6.6.145:*:*:*:*:*:*:* |
27 Apr 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-27 01:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-25292
Mitre link : CVE-2023-25292
CVE.ORG link : CVE-2023-25292
JSON object : View
Products Affected
group-office
- group_office
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')