CVE-2021-43448

2023-01-2315:15:13

Google

osv.dev

cve-2021-43448

improper input validation

user document interaction

EPSS

0.001

Percentile

35.7%

JSON

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.

References

github.com/ONLYOFFICE/server

labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/

www.onlyoffice.com/

EPSS

0.001

Percentile

35.7%

JSON

Related for OSV:CVE-2021-43448