Lucene search
OnlyofficeServer

6 matches found

CVE
added 2023/01/23 12:0 a.m. | 64 views

CVE-2021-43446

ONLYOFFICE Docs prior to 8.1.0 are affected by XSS involving macros. The vulnerability stems from macros defined as Immediately-Invoked Function Expressions (IIFEs), enabling sandbox escape by calling the Function constructor. Related CVEs (CVE-2021-43446 and CVE-2023-50883) describe the same mac...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00824
CVE
added 2023/01/23 12:0 a.m. | 59 views

CVE-2021-43445

ONLYOFFICE WebSocket authentication can be bypassed due to a default JWT signing key, affecting all versions up to 2021-11-08. The flaw is incorrect access control in the ONLYOFFICE document editor’s WebSocket service, allowing an unauthenticated attacker to gain privileged access by using the de...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.01707
CVE
added 2023/01/23 12:0 a.m. | 56 views

CVE-2021-43444

The CVE-2021-43444 entry concerns ONLYOFFICE: all versions as of 2021-11-08 are affected by Incorrect Access Control due to a weak default URL signing key, enabling forging of signed document download URLs. This is the underlying cause described in the connected records, with a high impact on int...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.012
CVE
added 2023/01/23 12:0 a.m. | 53 views

CVE-2021-43448

The CVE-2021-43448 issue affects ONLYOFFICE all versions up to 2021-11-08 and stems from Improper Input Validation. The vulnerability could allow an attacker to spoof the names of users interacting with a document when the document ID is known. Connected sources corroborate the affected product a...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.01012
CVE
added 2023/01/23 12:0 a.m. | 46 views

CVE-2021-43449

CVE-2021-43449 affects ONLYOFFICE all versions as of 2021-11-08. The Document Editor service is vulnerable to Server-Side Request Forgery (SSRF), enabling reading and serving arbitrary URLs as documents. CVSS v3.1 base score 8.1 (HIGH) with NETWORK attack vector, LOW attack complexity, no privile...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.01249
CVE
added 2023/01/23 12:0 a.m. | 39 views

CVE-2021-43447

CVE-2021-43447 affects ONLYOFFICE all versions as of 2021-11-08. The root cause is Incorrect Access Control that enables an authentication bypass in the document editor, allowing attackers to edit documents without authentication. CVSS v3.1 base score 7.5 (Network, Low complexity, None privileges...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01254