20 matches found
EUVD-2021-19520
Malware in sbrugna...
EUVD-2025-18164
Malicious code in bioql PyPI...
EUVD-2024-42317
Malicious code in bioql PyPI...
The vulnerability of the implementation of the WOPI protocol for the ONLYOFFICE Docs office online package allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the WOPI protocol implementation in the ONLYOFFICE Docs online package DocumentServer is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially...
CVE-2025-5301
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301
ONLYOFFICE Docs (DocumentServer) <= 8.3.1 is affected by a reflected XSS when opening files via WOPI, caused by improper sanitization of crafted HTTP POST requests. The XSS can result in malicious scripts being reflected in the server’s HTML response. Affected product/version: ONLYOFFICE Docs ...
ONLYOFFICE Docs cross-site scripting vulnerability
ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs version 8.3.1 and prior versions, which stems from reflected cross-site scripting when opening a file via the WOPI protocol, which could lead to the execution of...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2021-32748
Nextcloud Richdocuments is an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...
PT-2025-25284
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs (DocumentServer) version 8.3.1 and earlier. Description: The issue is a reflected cross-site scripting (XSS) problem that occurs when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
CVE-2024-47222
The CVE-2024-47222 entry corresponds to a vulnerability in New Cloud MyOffice SDK Collaborative Editing Server, with affected versions 2.2.2–2.8. The root cause is insufficient validation in the WOPI protocol handling, allowing server-side request forgery (SSRF) via manipulated requests originati...
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.
The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...
Design/Logic Flaw
Nextcloud Richdocuments is an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...