{"id":"CVE-2020-35418","details":"Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.","modified":"2026-04-11T23:13:44.108428Z","published":"2021-04-14T17:15:13.940Z","references":[{"type":"REPORT","url":"https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/intermesh/groupoffice","events":[{"introduced":"0"},{"last_affected":"a4330b266505a1499337433921e936887640ce44"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"6.4.196"}],"cpe":"cpe:2.3:a:group-office:group_office:6.4.196:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["v6.3.1","v6.3.10","v6.3.11","v6.3.12","v6.3.14","v6.3.3","v6.3.4","v6.3.5","v6.3.6","v6.3.7","v6.3.8","v6.4.156","v6.4.158","v6.4.159","v6.4.160","v6.4.161","v6.4.162","v6.4.165","v6.4.172","v6.4.173","v6.4.174","v6.4.175","v6.4.176","v6.4.177","v6.4.178","v6.4.179","v6.4.180","v6.4.181","v6.4.182","v6.4.183","v6.4.184","v6.4.185","v6.4.186","v6.4.187","v6.4.194","v6.4.195","v6.4.196","v6.4.23","v6.4.25","v6.4.26","v6.4.27","v6.4.28","v6.4.29","v6.4.30","v6.4.31","v6.4.32","v6.4.33","v6.4.34","v6.4.35","v6.4.36","v6.4.37","v6.4.38","v6.4.39","v6.4.40","v6.4.41","v6.4.42","v6.4.43","v6.4.44","v6.4.49","v6.4.50","v6.4.51"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35418.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}