CVE-2022-24229

A cross-site scripting XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor...

Ascensio System ONLYOFFICE Document Server 跨站脚本漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets, presentations and more. A cross-site scripting vulnerability exists in ONLYOFFICE Document Server Example versions prior...

CVE-2021-40864

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields...

CVE-2021-40864

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields...

Code injection

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields...

CVE-2021-40864

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields...

CVE-2021-40864

CVE-2021-40864 affects the Translate plugin for ONLYOFFICE Document Server (versions 6.1.x–6.3.x prior to 6.3.0.72). The vulnerability stems from missing escape calls for the msg.data and text fields, leading to improper handling of input. The NVD metrics indicate a high to critical impact, with ...

Ascensio System ONLYOFFICE Document Server 安全漏洞

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations. A security vulnerability exists in versions 6.1.x through 6.3.0.71 of the Translate plug-in for...

ONLYOFFICE Document Server File Extension Handling Vulnerability

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. ONLYOFFICE Document Server suffers from a file extension handling vulnerability that can be exploited by an attacker requesting data to control file...

ONLYOFFICE Document Server Buffer Overflow Vulnerability

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A buffer overflow vulnerability exists in the BMP image processing of the ONLYOFFICE Document Server core module, which can be exploited by an attacke...

ONLYOFFICE Document Server File Extension Handling Vulnerability (CNVD-2021-17247)

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...

Unspecified Vulnerability in ONLYOFFICE Document Server

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A security vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to shut down the target server...

ONLYOFFICE Document Server File Extension Handling Vulnerability (CNVD-2021-17248)

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...

Dockerhub Document Server 安全漏洞

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...

Dockerhub DocumentServer 路径遍历漏洞

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. ONLYOFFICE Document Server suffers from a file extension handling vulnerability that can be exploited by an attacker requesting data to control file...

ONLYOFFICE Document Server 缓冲区错误漏洞

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A buffer overflow vulnerability exists in the BMP image processing of the ONLYOFFICE Document Server core module, which can be exploited by an attacke...

Ascensio System ONLYOFFICE Document Server 安全漏洞

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A file extension handling vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to remotely execute...

ONLYOFFICE Document Server Path Traversal Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A path traversal vulnerability exists in ONLYOFFICE Document Server, which stems from th...

CVE-2021-3199

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter...

CVE-2021-3199

Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter...