7 matches found
EUVD-2021-30379
Malicious code in bioql PyPI...
EUVD-2025-28920
Malicious code in bioql PyPI...
CVE-2025-10255
CVE-2025-10255 affects Ascensio System SIA OnlyOffice up to version 12.7.0. The issue is tied to an unknown function in the file /Products/Projects/Messages.aspx within the Comment Handler component, which can enable remote cross-site scripting via manipulation. Public exploit details exist, and ...
CVE-2025-10255 Ascensio System SIA OnlyOffice Comment Messages.aspx cross site scripting
A vulnerability was determined in Ascensio System SIA OnlyOffice up to 12.7.0. Impacted is an unknown function of the file /Products/Projects/Messages.aspx of the component Comment Handler. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit h...
CVE-2025-10255 Ascensio System SIA OnlyOffice Comment Messages.aspx cross site scripting
A vulnerability was determined in Ascensio System SIA OnlyOffice up to 12.7.0. Impacted is an unknown function of the file /Products/Projects/Messages.aspx of the component Comment Handler. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit h...
WordPress ONLYOFFICE Docs plugin 1.1.0-2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function
Missing Authorization to Unauthenticated Privilege Escalation via callback Function vulnerability discovered by kr0d in WordPress Plugin ONLYOFFICE versions 1.1.0-2.2.0...
ONLYOFFICE 授权问题漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from being affected by incorrect access control. An attacker can use the default JWT signature key to authenticate to the Web...