21 matches found
CVE-2022-24229
The CVE-2022-24229 entry describes an XSS vulnerability in ONLYOFFICE Document Server Example prior to version 7.0.0. The affected component/path is the example editor endpoint (/example/editor), allowing remote attackers to inject arbitrary HTML or JavaScript. The issue is tied to an external we...
CVE-2022-29777
Summary: CVE-2022-29777 affects Onlyoffice Document Server (versions ≤ 6.0.0) and Onlyoffice Core (versions ≤ 6.1.0.26). The vulnerability is a heap overflow in the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. Impact : not explicitly quantified beyond the heap overflow in the ...
CVE-2023-46988
CVE-2023-46988 is a path-traversal vulnerability in ONLYOFFICE Document Server prior to 8.0.1. The issue allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter at the /example/editor endpoint, potentially leading to unauthorized access to sensitive files (and DoS)....
CVE-2022-29776
Affected products: OnlyOffice Document Server up to v6.0.0 and OnlyOffice Core up to v6.1.0.26. Root cause: stack overflow in DesktopEditor/common/File.cpp. Impact (as described): stack overflow vulnerability; no exploitation details provided. Recommendations: upgrade to versions above the listed...
CVE-2023-30188
The CVE-2023-30188 entry concerns ONLYOFFICE Document Server versions 4.0.3–7.3.2. The vulnerability is a memory exhaustion issue in the JavaScript File Handler component triggered by a crafted JavaScript file, enabling remote attackers to cause a denial of service. No exploit details are provide...
CVE-2022-48422
CVE-2022-48422 affects ONLYOFFICE Docs up to version 7.3 on certain Linux distributions. The vulnerability arises from a Trojan horse libgcc_s.so.1 placed in the current working directory, which an ONLYOFFICE document can reside in, allowing local privilege escalation. Connected sources consisten...
CVE-2021-3199
CVE-2021-3199 is a path traversal/remote code execution vulnerability in ONLYOFFICE Document Server (pre-5.6.3). The issue arises in /upload when JWT is used, by exploiting a /.. sequence in an image upload parameter, enabling directory traversal and arbitrary code execution per the public CVE de...
CVE-2023-30186
The CVE-2023-30186 issue affects ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2, due to a use-after-free in the JavaScript File Handler component that allows remote attackers to execute arbitrary code by delivering a crafted JavaScript file. Affected product: ONLYOFFICE DocumentServer; vu...
CVE-2020-11534
ONLYOFFICE Document Server 5.5.0 is affected by CVE-2020-11534. The issue arises from NSFileDownloader handling crafted .docx input, allowing parameters to be passed to a binary (e.g., curl or wget) and enabling remote code execution on the server. The available sources describe the impact as rem...
CVE-2020-11536
CVE-2020-11536 affects ONLYOFFICE Document Server 5.5.0. A maliciously crafted .docx can exploit the unzip function to rewrite a binary and remotely execute code on the server. The connected docs confirm the impact as remote code execution via crafted documents, but do not provide a vendor patch ...
CVE-2023-30187
The CVE-2023-30187 issue affects ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2, where an out-of-bounds memory access in the JavaScript File Handler component can be exploited by a crafted JavaScript file to execute arbitrary code remotely. Impact is described as remote code execution wit...
CVE-2020-11535
ONLYOFFICE Document Server 5.5.0 is affected by CVE-2020-11535. A crafted malicious .docx file enables XML injection that can inject parameters into the x2t binary, allowing rewriting of x2t and/or libxcb.so.1 and enabling code execution on the server. The connected documents confirm the affected...
CVE-2020-11537
ONLYOFFICE Document Server 5.5.0 is affected by a SQL Injection vulnerability that allows an attacker to execute arbitrary SQL queries via the DocID parameter of the Websocket API. Root cause: improper handling of input in the Websocket API leading to SQL injection. Impact: high/severe confidenti...
CVE-2021-25833
An attackable bug in ONLYOFFICE DocumentServer is reported for the server module version 4.2.0.71-v5.6.0.21 where the file extension is controllable via request data, enabling arbitrary file overwriting and remote code execution. This vulnerability is described across multiple sources (NVD/CVE-20...
CVE-2021-25829
The CVE-2021-25829 entry concerns ONLYOFFICE DocumentServer core module (versions 4.0.0-9-v5.6.3). The vulnerability arises from improper binary stream data handling in the core component, enabling a denial-of-service that can shut down the target server. Connected sources confirm the affected pr...
CVE-2021-25830
ONLYOFFICE DocumentServer (core module) v4.2.0.236-v5.6.4.13 contains a file extension handling vulnerability triggered when converting a crafted file from DOCT to DOCX. The issue relies on a chain of two other bugs related to improper string handling and can lead to remote code execution on the ...
CVE-2023-50883
ONLYOFFICE Docs prior to version 8.0.1 are affected. The issue stems from a macro implemented as an immediately-invoked function expression (IIFE) that enables sandbox escape by calling the Function constructor, leading to XSS. Impact per sources is XSS; affected component is the macro handling i...
CVE-2021-25831
ONLYOFFICE DocumentServer (core module) vulnerability CVE-2021-25831 affects v4.0.0-9-v5.6.3. A file extension handling issue arises when converting a crafted PPTT file to PPTX, exploited through a chain of two other improper string handling bugs to achieve remote code execution on the server. Th...
CVE-2021-25832
CVE-2021-25832 affects ONLYOFFICE DocumentServer. A heap buffer overflow in the BMP image processing of the core module (document server) can allow remote code execution on vulnerable versions: v4.0.0-9-v6.0.0. The provided documents do not include remediation steps or patch/version details beyon...
CVE-2025-68935
ONLYOFFICE Docs prior to version 9.2.1 is affected by a cross-site scripting (XSS) vulnerability in the Multilevel list settings window’s Font field, related to DocumentServer. The issue is confirmed across multiple sources (including Red Hat, EUVD, NVD, OSV, CVE lists) and lists the vulnerable c...
CVE-2025-68936
Summary: CVE-2025-68936 affects ONLYOFFICE Docs prior to 9.2.1 (DocumentServer relation) and is referenced across multiple feeds as a cross-site scripting (XSS) vulnerability. Affected software: ONLYOFFICE Docs (DocumentServer component referenced in the CVE). Vulnerability details: XSS via the C...