Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday17 views

ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting

ONLYOFFICE Docs DocumentServer = 8.3.1 contains a reflected XSS caused by improper sanitization of crafted HTTP POST requests via the WOPI protocol, letting attackers inject malicious scripts reflected in HTML response, exploit requires crafted POST requests. id: CVE-2025-5301 info: name:...

6.1CVSS6.4AI score0.36306EPSS
Exploits1References5
Circl
Circl
added 2025/06/12 8:33 a.m.12 views

CVE-2025-5301

creationtimestamp| type| source ---|---|--- 2025-06-12 08:33:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18154 2025-06-12 09:08:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrfl4yrqxp25 2025-12-04 09:54:41+00:00| confirmed|...

6.1CVSS4.8AI score0.36306EPSS
Exploits1References4
NVD
NVD
added 2025/06/12 8:15 a.m.10 views

CVE-2025-5301

ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...

6.1CVSS0.36306EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/12 7:59 a.m.16 views

CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

ONLYOFFICE Docs DocumentServer in versions equal and below 8.3.1 are affected by a reflected cross-site scripting XSS issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...

0.36306EPSS
Exploits1References2
Rows per page
Query Builder