3 matches found
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...
CVE-2022-24229
A cross-site scripting XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor...
Ascensio System ONLYOFFICE Document Server 跨站脚本漏洞
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets, presentations and more. A cross-site scripting vulnerability exists in ONLYOFFICE Document Server Example versions prior...