Lucene search
K

5 matches found

CVE
CVE
added 2022/04/08 11:6 a.m.99 views

CVE-2022-24229

The CVE-2022-24229 entry describes an XSS vulnerability in ONLYOFFICE Document Server Example prior to version 7.0.0. The affected component/path is the example editor endpoint (/example/editor), allowing remote attackers to inject arbitrary HTML or JavaScript. The issue is tied to an external we...

6.1CVSS5.9AI score0.0185EPSS
CVE
CVE
added 2021/01/22 2:41 a.m.66 views

CVE-2021-3199

CVE-2021-3199 is a path traversal/remote code execution vulnerability in ONLYOFFICE Document Server (pre-5.6.3). The issue arises in /upload when JWT is used, by exploiting a /.. sequence in an image upload parameter, enabling directory traversal and arbitrary code execution per the public CVE de...

9.8CVSS9.7AI score0.08215EPSS
CVE
CVE
added 2024/09/09 12:0 a.m.50 views

CVE-2023-50883

ONLYOFFICE Docs prior to version 8.0.1 are affected. The issue stems from a macro implemented as an immediately-invoked function expression (IIFE) that enables sandbox escape by calling the Function constructor, leading to XSS. Impact per sources is XSS; affected component is the macro handling i...

6.1CVSS6.2AI score0.00574EPSS
CVE
CVE
added 2025/12/25 8:5 p.m.24 views

CVE-2025-68935

ONLYOFFICE Docs prior to version 9.2.1 is affected by a cross-site scripting (XSS) vulnerability in the Multilevel list settings window’s Font field, related to DocumentServer. The issue is confirmed across multiple sources (including Red Hat, EUVD, NVD, OSV, CVE lists) and lists the vulnerable c...

6.4CVSS5.8AI score0.00178EPSS
CVE
CVE
added 2025/12/25 8:7 p.m.14 views

CVE-2025-68936

Summary: CVE-2025-68936 affects ONLYOFFICE Docs prior to 9.2.1 (DocumentServer relation) and is referenced across multiple feeds as a cross-site scripting (XSS) vulnerability. Affected software: ONLYOFFICE Docs (DocumentServer component referenced in the CVE). Vulnerability details: XSS via the C...

6.4CVSS5.8AI score0.00178EPSS