2 matches found
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...