Lucene search
HistoryFeb 07, 2023 - 8:15 p.m.
CVE-2022-47412
onlyoffice
workspace dms
vulnerability
stored xss
cve-2022-47412
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.4%
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition.
Affected configurations
Node
onlyofficeworkspaceRange≤12.1.0.1760
| CPE | Name | Operator | Version |
|---|---|---|---|
| onlyoffice:workspace | onlyoffice workspace | le | 12.1.0.1760 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Workspace",
"vendor": "ONLYOFFICE",
"versions": [
{
"lessThanOrEqual": "12.1.0.1760",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-47412
2023-02-07 20:15:08
cvelist
cvelist
CVE-2022-47412 ONLYOFFICE Workspace Search Stored XSS
2023-02-07 19:16:17
prion
prion
Cross site scripting
2023-02-07 20:15:00
osv
osv
thn
thn
Unpatched Security Flaws Disclosed in Multiple Document Management Systems
2023-02-08 15:15:00
rapid7blog
rapid7blog
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)
2023-02-07 14:05:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.4%
Related for CVE-2022-47412