4 matches found
ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting
ONLYOFFICE Docs DocumentServer = 8.3.1 contains a reflected XSS caused by improper sanitization of crafted HTTP POST requests via the WOPI protocol, letting attackers inject malicious scripts reflected in HTML response, exploit requires crafted POST requests. id: CVE-2025-5301 info: name:...
CVE-2025-5301
creationtimestamp| type| source ---|---|--- 2025-06-12 08:33:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18154 2025-06-12 09:08:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrfl4yrqxp25 2025-12-04 09:54:41+00:00| confirmed|...
CVE-2025-5301
ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...